-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP POST response of an existing resource #422
Comments
Is the second post going towards /collections/id/items/id or /collections/id/items? For /collections/id/items/id: Shouldn't that just be a 405 - Method not allowed? |
I assume this is about a POST request to /collections/mycollection/items and the API always uses information in the payload to determine the new feature id and that id already exists (otherwise it would simply create another feature). I agree that 403 is not appropriate. The issue is not about authorization. But I also do not see where the current draft says that 403 should be used? I would return a 400 as this is a client error and point out the id conflict in the response. 400 in HTTP is not limited to syntactical errors. Also, 422 is not specified in RFC 7231 (HTTP). It is specified by WebDAV and I would avoid 422 in an API that does not implement WebDAV. |
Your assumption is correct, The draft doesn't say that Also, I was not aware that |
If the target of the POST is /collections/{collectionsId}/items/{id} then I think 405 is appropriate since, in fact, we have no POST behaviour defined for /collections/{collectionId}/items/{id}. If the target of the POST is /collections/{collectionId}/items then the server should just create a new feature. You cannot change a feature using a POST at the /collections/{collectionId}/items endpoint, you can only do that at the /collection/{collectionId}/items/{id} endpoint with a PUT or PATCH method. |
Oops ... didn't completely read the post! Yes, in this case, 400 seems reasonable ... so stop making bulging eyes at me! ;) LOL! |
2020-08-16: @pvretano will verify that the spec is consistent with the conclusion here and update the document, if necessary. |
I have reviewed clause 4.3.3 of RFC7231 and as far as I can tell, the behaviour of POST is correctly specified in Part 4. The two key paragraphs from clause 4.3.3 are:
I am not sure that I agree that we should return a 400 when a POST is used at the /collection/{collectionId}/items/{featureId} endpoint. I think that, in fact, a 405 is more appropriate. Clause 6.5.5 of RFC7231 says: "The 405 (Method Not Allowed) status code indicates that the method received in the request-line is known by the origin server but not supported by the target resource. The origin server MUST generate an Allow header field in a 405 response containing a list of the target resource's currently supported methods." To be clear about which combinations of resource endpoints and HTTP methods are defined in the specification I added a table to scope that lists the resource endpoint/HTTP method combination and links to the relevant clause in the specification. See this pull request. |
On the pygeoapi data transactions implementation (@alex-mathew ), there was some questions concerning the following scenario:
Scenario:
POST
request, and had aHTTP/1.1 201 Created
POST
instead ofPUT
, payload it correct. But HTTP verb option is not the bestCurrent docs indicate:
403 Forbidden
- Indicates that authentication is not the issue, but the client is not authorized to perform the requested operation on the resource.Comments:
PUT
422 Unprocessable Entity
for this case (The 422 Unprocessable Entity status code means the server understands the content type of the request entity (hence a 415 Unsupported Media Type status code is inappropriate), and the syntax of the request entity is correct (thus a 400 Bad Request status code is inappropriate) but was unable to process the contained instructions.).Sugguestion:
422 Unprocessable Entity
to allowed exceptionsThe text was updated successfully, but these errors were encountered: