Location URI is wrong when resource id begins with resource type name #2965
Comments
lmsurpre
added a commit
that referenced
this issue
Nov 9, 2021
when inferring the baseUrl from the request URL. This should be relatively safe because the match is case-sensitive. However, the logic would break if the intended baseUrl of the server actually contains a path segment that overlaps with a resource name (e.g. https://example.com/PatientAPI ). Alternatives would be to either A. rely solely on a configured baseUrl; or B. do more processing of the URL to ensure we're stripping a path and not a hostname Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Nov 10, 2021
when inferring the baseUrl from the request URL. This should be relatively safe because the match is case-sensitive. However, the logic would break if the intended baseUrl of the server actually contains a path segment that overlaps with a resource name (e.g. https://example.com/PatientAPI ). Alternatives would be to either A. rely solely on a configured baseUrl; or B. do more processing of the URL to ensure we're stripping a path and not a hostname Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Nov 10, 2021
Previously, we looked for the last instnace of `/[resourceType]` in the path and assumed that was the first thing after the baseUrl. However, if a resourceId happened to match the resource type, this proved erroneous. The updated logic looks for the first instance of `/[resourceType]/` in the path instead. If that doesn't exist, then we fall back to the old approach of using the last index of `/[resourceType]` (now that we know it should be safe to do so). This updated logic could break if someone insisted on including a baseUrl that includes a path segment that matches `/[resourceType]/` (e.g. https://example.com/my/Patient/api/ ) but I think that is an acceptable risk because that would be very dumb to do. Alternatives would be to either A. rely solely on a configured baseUrl; or B. do more processing of the URL to ensure we're stripping a path and not a hostname Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Nov 10, 2021
and add a test to OriginalRequestRewriteServerTest for the exact examples used in the docs Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Nov 10, 2021
and add a test to OriginalRequestRewriteServerTest for the exact examples used in the docs Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Nov 10, 2021
* issue #2965 - modify getRequestBaseUri logic Previously, we looked for the last instnace of `/[resourceType]` in the path and assumed that was the first thing after the baseUrl. However, if a resourceId happened to match the resource type, this proved erroneous. The updated logic looks for the first instance of `/[resourceType]/` in the path instead. If that doesn't exist, then we fall back to the old approach of using the last index of `/[resourceType]` (now that we know it should be safe to do so). This updated logic could break if someone insisted on including a baseUrl that includes a path segment that matches `/[resourceType]/` (e.g. https://example.com/my/Patient/api/ ) but I think that is an acceptable risk because that would be very dumb to do. Alternatives would be to either A. rely solely on a configured baseUrl; or B. do more processing of the URL to ensure we're stripping a path and not a hostname Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * issue #2965 - document known limitation for custom base urls and add a test to OriginalRequestRewriteServerTest for the exact examples used in the docs Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
|
Verified this no longer happens. Verified with 3 different resource types. |
lmsurpre
added a commit
that referenced
this issue
Mar 24, 2022
We had duplicate logic in two classes: * FHIRResource.getRequestBaseUri * FHIRRestHelper.getRequestBaseUri For #2965, we fixed the version in FHIRResource but missed the one in FHIRRestHelper. Now I combined the two implementations into FHIRRestHelper, made it static, and removed the version from FHIRResource. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Mar 24, 2022
We had duplicate logic in two classes: * FHIRResource.getRequestBaseUri * FHIRRestHelper.getRequestBaseUri For #2965, we fixed the version in FHIRResource but missed the one in FHIRRestHelper. Now I combined the two implementations into FHIRRestHelper, made it static, and removed the version from FHIRResource. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Mar 24, 2022
We had duplicate logic in two classes: * FHIRResource.getRequestBaseUri * FHIRRestHelper.getRequestBaseUri For #2965, we fixed the version in FHIRResource but missed the one in FHIRRestHelper. Now I combined the two implementations into FHIRRestHelper, made it static, and removed the version from FHIRResource. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Mar 25, 2022
We had duplicate logic in two classes: * FHIRResource.getRequestBaseUri * FHIRRestHelper.getRequestBaseUri For #2965, we fixed the version in FHIRResource but missed the one in FHIRRestHelper. Now I combined the two implementations into FHIRRestHelper, made it static, and removed the version from FHIRResource. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
A clear and concise description of what the bug is.
Environment
main
To Reproduce
Steps to reproduce the behavior:
{{base}}/Patient/{{id}}with an id like "Patient1"The resource is created successfully, but the location header in the response has an extra
/Patient:https://localhost:9443/fhir-server/api/v4/Patient/Patient/Patient1/_history/1Expected behavior
The location header should point to the proper absolute url of the created resource
Additional context
When we try to construct the baseUrl from the request, we mistake the
/Patient1for the/Patientsegment of the path.The text was updated successfully, but these errors were encountered: