Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Shouldn't allow setting the ID of resources on POST #3600

Open
tuxpiper opened this issue Jul 1, 2019 · 0 comments

Comments

Projects
None yet
1 participant
@tuxpiper
Copy link
Member

commented Jul 1, 2019

Describe the bug
When creating a resource with a POST request to the API, the requester setting the ID of the object should be forbidden with an error.

This has been observed happening on Post resources, but possibly is happening with others as well.

Where was the bug observed
Any current Lumen deployment

To Reproduce
Steps to reproduce the behavior:

  1. Create a Post via the browser UI, while the Network tab of Developer tools is open
  2. Locate the POST request in the Network tab and copy as curl
  3. Paste request in terminal, edit the JSON object in the --data-binary argument adding a "id" property with an integer value of your choice . Send the request
  4. The API complies and creates the object as requested

Expected behavior
The API should return a 422 (Unprocessable Entity) status code error and not perform the operation.

Is there a workaround? What is it.
n/a

Screenshots
n/a

URL / Environment where this happened
Any environment

Additional context
Add any other context about the problem here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.