Skip to content

Content-Type is not validated #229

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
julrich1 opened this issue Sep 15, 2021 · 3 comments
Open

Content-Type is not validated #229

julrich1 opened this issue Sep 15, 2021 · 3 comments

Comments

@julrich1
Copy link

julrich1 commented Sep 15, 2021
edited
Loading

It looks like openapi-backend isn't validating the Content-Type defined in the OpenAPI specification, and worse it will happily pass along payloads that aren't valid. For a quick example, if I have an endpoint defined as such:

     requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                messages:
                  type: array
                  minItems: 1
                  maxItems: 100
                  items:
                    $ref: '#/components/schemas/MessageID'

The validation works great when I pass a Content-Type: application/json header, but if I set the header value to text/plain, the endpoint is called with no validation and the payload is empty. Is there perhaps an easy way to verify the content is as expected?
@tomasvalentaopenbean
Copy link

AFAIK, from when I was going through the code to troubleshoot some issues, the schema is validated only for content-type: application/json. The other content-types are ignored (not validated).

@julrich1
Copy link
Author

AFAIK, from when I was going through the code to troubleshoot some issues, the schema is validated only for content-type: application/json. The other content-types are ignored (not validated).

I think that probably makes sense, but openapi-backend should project reject other types, otherwise the payloads are being passed without any validation.

@tomasvalentaopenbean
Copy link

Right. I am not saying this is not a bug.
It should support other content-types.
Similar/same issue has already been raised: #94

lagios-desquared added a commit to lagios-desquared/openapi-backend that referenced this issue May 15, 2025
@lagios-desquared
fix: Validate JSON request body for multipart/form-data and applicati…
aa25496 
…on/x-www-form-urlencoded

Related to the following issues:
openapistack#94
openapistack#229
@lagios-desquared lagios-desquared mentioned this issue May 15, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@julrich1 @tomasvalentaopenbean