How to disallow unknown query parameter?
See original GitHub issueThe operation object allows folks to specify parameters, but how can I express that no unnamed parameters may be accepted?
We’ve had issues where clients are passing in query parameters thinking that they’re accepted when actually they are not.
How do folks feel about introducing something like additionalQueryParameters
for parameters?
/foo:
get:
parameters:
limit:
in: query
offset:
in: query
additionalQueryParameters: false
...
Then when folks do GET /foo?start=xxx-xxx-xxx
they’ll get an error instead of a silent failure.
Other links on the web:
- https://stackoverflow.com/questions/58187233/is-it-possible-to-disallow-unknown-query-parameters-in-an-openapi-v3-spec
- https://github.com/cdimascio/express-openapi-validator/issues/133
- https://github.com/opengeospatial/ogcapi-features/issues/128
- https://softwareengineering.stackexchange.com/a/311489
Issue Analytics
- State:
- Created 2 years ago
- Reactions:7
- Comments:8 (3 by maintainers)
Top Results From Across the Web
Is it possible to disallow unknown query parameters in an ...
In OpenAPI, you can specify additionalProperties: false as part of an object schema to indicate that extra, unknown properties in a request ......
Read more >rest - Should I be permissive of unknown parameters?
In my opinion, you should return an Invalid Request status, so that the client knows that what it's trying to do isn't valid....
Read more >Unknown parameter - Common causes and quick fixes - Opster
A detailed guide on how to resolve errors related to "unknown parameter"
Read more >Multiple unknown query parameters with UI Router state?
you dont have to declare query string params in the url parameter, i think you can get away with just url : '/search?'...
Read more >Pass API Gateway REST API parameters to a Lambda ... - AWS
4. Expand the URL Query String Parameters dropdown list, then choose Add query string. 5. For the Name field, enter pet, and then...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
If we moved to representing all
in:query
parameters as an object described by a single JSON schema, then we would get this functionality ‘for free’ with the existingadditionalProperties
keyword.So where does this put us today.
@savage-alex you make a good point about what we actually should and shouldn’t document in our specifications.
Perhaps we should ask, “when would it be desirable to permit undocumented query parameters?” If we have no good use cases for it, maybe we should by default specify that implementations should reject unknown query parameters in general.