Joseph et al.,
So a while ago we started returning 415 responses in the V2 API for anything other than JSON requests. This is because wrap params isn't triggered for anything but JSON. This was unfortunately not being run by Katello V2 controllers which I fixed a couple days ago. However, it looks like in Katello we're using multipart/form-data for files which are now broken as they return 415. I'm wondering what the best solution would be:
- Disable the content type check for individual actions. Actions that accept files won't check the content type.
- Extend wrap_parameters to trigger on multipart/form-data
- Check the params for a ActionDispatch::Http::UploadedFile, then allow multipart/form-data.
- Something else???
I'm leaning towards #1 as it's simple (although maybe not intuitive to people developing new actions). Any thoughts?
David
Hi David,
What about modifying check_content_type in api/v2/base_controller.rb which appears below to include if content_type is 'multipart/form-data'
def check_content_type
if (request.post? || request.put?) && request.content_type != "application/json"
render_error(:unsupported_content_type, :status => 415)
end
end
Joseph
···
----- Original Message -----
From: “David Davis” daviddavis@redhat.com
To: “Joseph Magen” jmagen@redhat.com
Cc: “foreman-dev” foreman-dev@googlegroups.com
Sent: Tuesday, January 13, 2015 8:33:03 PM
Subject: [foreman-dev] API content types
Joseph et al.,
So a while ago we started returning 415 responses in the V2 API for anything
other than JSON requests. This is because wrap params isn’t triggered for
anything but JSON. This was unfortunately not being run by Katello V2
controllers which I fixed a couple days ago. However, it looks like in
Katello we’re using multipart/form-data for files which are now broken as
they return 415. I’m wondering what the best solution would be:
- Disable the content type check for individual actions. Actions that accept
files won’t check the content type.
- Extend wrap_parameters to trigger on multipart/form-data
- Check the params for a ActionDispatch::Http::UploadedFile, then allow
multipart/form-data.
- Something else???
I’m leaning towards #1 as it’s simple (although maybe not intuitive to people
developing new actions). Any thoughts?
David
–
You received this message because you are subscribed to the Google Groups
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
What are drawbacks of #2?
I could imagine combination of enabling for wrap_params on
multipart/form-data and setting allowed content types for individual
actions.
T.
···
On 01/13/2015 07:33 PM, David Davis wrote:
> Joseph et al.,
>
> So a while ago we started returning 415 responses in the V2 API for anything other than JSON requests. This is because wrap params isn't triggered for anything but JSON. This was unfortunately not being run by Katello V2 controllers which I fixed a couple days ago. However, it looks like in Katello we're using multipart/form-data for files which are now broken as they return 415. I'm wondering what the best solution would be:
>
> 1. Disable the content type check for individual actions. Actions that accept files won't check the content type.
> 2. Extend wrap_parameters to trigger on multipart/form-data
> 3. Check the params for a ActionDispatch::Http::UploadedFile, then allow multipart/form-data.
> 4. Something else???
>
> I'm leaning towards #1 as it's simple (although maybe not intuitive to people developing new actions). Any thoughts?
>
> David
>
I don't think that's an option unless we extend wrap_parameters to activate on multipart/form-data. If someone were to hit a route that relies on wrap_parameters and were to use multipart/form-data, then they'd get an error about the parameters being undefined as wrap_parameters wouldn't trigger.
I guess one assumption would be that multipart/form-data is only used for file uploads but I am not sure that's a safe assumption (?).
David
···
----- Original Message -----
> From: "Joseph Magen"
> To: foreman-dev@googlegroups.com
> Sent: Wednesday, January 14, 2015 3:13:50 AM
> Subject: Re: [foreman-dev] API content types
>
> Hi David,
>
> What about modifying check_content_type in api/v2/base_controller.rb which
> appears below to include if content_type is 'multipart/form-data'
>
> def check_content_type
> if (request.post? || request.put?) && request.content_type !=
> "application/json"
> render_error(:unsupported_content_type, :status => 415)
> end
> end
>
>
> Joseph
>
>
>
> ----- Original Message -----
>
> > From: "David Davis"
> > To: "Joseph Magen"
> > Cc: "foreman-dev"
> > Sent: Tuesday, January 13, 2015 8:33:03 PM
> > Subject: [foreman-dev] API content types
>
> > Joseph et al.,
>
> > So a while ago we started returning 415 responses in the V2 API for
> > anything
> > other than JSON requests. This is because wrap params isn't triggered for
> > anything but JSON. This was unfortunately not being run by Katello V2
> > controllers which I fixed a couple days ago. However, it looks like in
> > Katello we're using multipart/form-data for files which are now broken as
> > they return 415. I'm wondering what the best solution would be:
>
> > 1. Disable the content type check for individual actions. Actions that
> > accept
> > files won't check the content type.
> > 2. Extend wrap_parameters to trigger on multipart/form-data
> > 3. Check the params for a ActionDispatch::Http::UploadedFile, then allow
> > multipart/form-data.
> > 4. Something else???
>
> > I'm leaning towards #1 as it's simple (although maybe not intuitive to
> > people
> > developing new actions). Any thoughts?
>
> > David
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "foreman-dev" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to foreman-dev+unsubscribe@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "foreman-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-dev+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
The suggestion you mention of having individual actions define their accepted content-types might be a good option.
David
···
----- Original Message -----
> From: "Tomas Strachota"
> To: foreman-dev@googlegroups.com, "Joseph Magen"
> Sent: Wednesday, January 14, 2015 3:08:10 AM
> Subject: Re: [foreman-dev] API content types
>
> On 01/13/2015 07:33 PM, David Davis wrote:
> > Joseph et al.,
> >
> > So a while ago we started returning 415 responses in the V2 API for
> > anything other than JSON requests. This is because wrap params isn't
> > triggered for anything but JSON. This was unfortunately not being run by
> > Katello V2 controllers which I fixed a couple days ago. However, it looks
> > like in Katello we're using multipart/form-data for files which are now
> > broken as they return 415. I'm wondering what the best solution would be:
> >
> > 1. Disable the content type check for individual actions. Actions that
> > accept files won't check the content type.
> > 2. Extend wrap_parameters to trigger on multipart/form-data
> > 3. Check the params for a ActionDispatch::Http::UploadedFile, then allow
> > multipart/form-data.
> > 4. Something else???
> >
> > I'm leaning towards #1 as it's simple (although maybe not intuitive to
> > people developing new actions). Any thoughts?
> >
> > David
> >
>
> What are drawbacks of #2?
> I could imagine combination of enabling for wrap_params on
> multipart/form-data and setting allowed content types for individual
> actions.
>
> T.
>
> --
> You received this message because you are subscribed to the Google Groups
> "foreman-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-dev+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
