Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate Content-Type header for REST API requests #10031

Closed
jeremystretch opened this issue Aug 16, 2022 · 1 comment
Closed

Validate Content-Type header for REST API requests #10031

jeremystretch opened this issue Aug 16, 2022 · 1 comment
Assignees
@jeremystretch
Labels
status: accepted This issue has been accepted for implementation type: feature Introduction of new functionality to the application

Comments

@jeremystretch
Copy link
Member

NetBox version

v3.2.9

Feature type

New functionality

Proposed functionality

Implement logic to check that the Content-Type header for inbound REST API requests has been properly set to application/json, and return an error if missing or invalid.

Use case

Currently, if a REST API request is made to create an object without specifying the correct content type, validation will fail reporting missing required fields. This is because the serializer (which expects JSON data) is not properly processing the request. This can be very confusing to the user.

Database changes

No response

External dependencies

No response
@jeremystretch jeremystretch added type: feature Introduction of new functionality to the application status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation labels Aug 16, 2022
@jeremystretch
Copy link
Member Author

One way to approach this would be to omit any parsers other than JSONParser in the DRF settings:

    'DEFAULT_PARSER_CLASSES': [
        'rest_framework.parsers.JSONParser',
        # 'rest_framework.parsers.FormParser',
        # 'rest_framework.parsers.MultiPartParser'
    ],

This triggers a 415 error if the Content-Type header is not set:

{
    "detail": "Unsupported media type \"application/x-www-form-urlencoded\" in request."
}

@jeremystretch jeremystretch added status: accepted This issue has been accepted for implementation and removed status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation labels Aug 24, 2022
@jeremystretch jeremystretch self-assigned this Aug 24, 2022
@jeremystretch jeremystretch mentioned this issue Aug 25, 2022
Merged
@ctullos ctullos mentioned this issue Aug 28, 2022
Closed
jeremystretch added a commit that referenced this issue Aug 29, 2022
@jeremystretch
Fixes #10181: Restore MultiPartParser (regression from #10031)
0e4911a
jeremystretch added a commit that referenced this issue Aug 29, 2022
@jeremystretch
Merge pull request #10200 from netbox-community/10181-api-file-upload
e0741cc 
Fixes #10181: Restore MultiPartParser (regression from #10031)
@jeremystretch jeremystretch mentioned this issue Sep 2, 2022
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jeremystretch jeremystretch

Labels
status: accepted This issue has been accepted for implementation type: feature Introduction of new functionality to the application
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jeremystretch