-
Notifications
You must be signed in to change notification settings - Fork 256
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make body parsers opt in #586
Comments
todo |
Don't know if it'd make sense to have a list of valid parsers added to the endpoint. Seems odd that we're traversing all paths. Could it be added as a pre-route for the particular endpoint? (Idk if it'll work.) @meztez Are you looking to make a PR for this? If so, mind making it onto #584 ? |
@schloerke Yes |
Are you ok with the current behavior? Parsers (and query filter by extension) are executed before we reject a request because we can't serve it. Also Another alternative is to remove parsing from the postBodyFilter and to do it in a pre-exec step on req$postBodyRaw |
I agree that creating the req$postBodyRaw or parsing the the query string should always be done. Parsing using a particular parser should be an endpoint thing. (Something that is opt-in.) Doing this as a pre exec (or some pre- step) sounds like a good idea! |
> #* @parse parser_json(simplifyVectors = FALSE) # returns a mime type and function
> #* @parse plumber::parse_tsv(delim = "\t") I think you should only parse something like > #* @parse json list(simplifyVectors = FALSE)
> #* @parse tsv list(delim = "\t") Evaluating function from the plumb block would require that we eval everything outside blocks before evaluating the block itself to make sure something that is defined elsewhere in the plumb file is picked up. |
Yes. We could do it similar to
So |
I have a working prototype, I'll commit there until i've dealt with tests. |
Thank you for the help, @meztez ! |
Related #584
Goals
rds
parsing should only be done from a trusted source. Do not acceptrds
blindly.function(mime_type, parser){}
/upload_white_list
is an example of how we could define 4 parsers for this route. By default,@parse json
will be used./upload_anything
should be allowed to use any parser that is registered. (Not recommended)cc @jcheng5
The text was updated successfully, but these errors were encountered: