Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

POST-ing invalid json content results in 201 Created #1323

Open
james-callahan opened this issue Jun 10, 2019 · 4 comments
Open

POST-ing invalid json content results in 201 Created #1323

james-callahan opened this issue Jun 10, 2019 · 4 comments
Labels
bug

Comments

@james-callahan
Copy link

Environment

  • PostgreSQL version: docker: postgrest/postgrest:v5.2.0-3900baa
  • PostgREST version: docker: postgrest/postgrest:v5.2.0-3900baa
  • Operating system: Linux

Description of issue

POST-ing a json string you can get a 201 success; even though it's not a valid row. e.g (strace output):

sendto(6, "POST /foo HTTP/1.1\r\nHost: localhost:3001\r\naccept: application/json\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Python/3.7 aiohttp/4.0.0a0\r\nContent-Length: 5\r\nContent-Type: application/json\r\n\r\n", 193, 0, NULL, 0) = 193
sendto(6, "\"bar\"", 5, 0, NULL, 0)     = 5
recvfrom(6, "HTTP/1.1 201 Created\r\nTransfer-Encoding: chunked\r\nDate: Wed, 05 Jun 2019 04:42:52 GMT\r\nServer: postgrest/5.2.0 (UNKNOWN)\r\nContent-Range: */*\r\n\r\n0\r\n\r\n", 262144, 0, NULL, NULL) = 149
@steve-chavez steve-chavez added the http http compliance label Jul 26, 2019
@wolfgangwalther
Copy link
Member

I can still confirm this in the current nightly.

Once the body is valid json, but not an object, 201 is returned but no row added.

@wolfgangwalther wolfgangwalther mentioned this issue Dec 10, 2020
Merged
@steve-chavez
Copy link
Member

Also can reproduce with an empty array:

http POST localhost:3000/projects <<JSON
[]
JSON

HTTP/1.1 201 Created

Adding an Accept: application/vnd.pgrst.object makes the request fail.

I think a fix can be done by checking the queryTotal > 1 for 201. Similarly to how it's done for singlejson:

postgrest/src/PostgREST/App.hs

Lines 314 to 319 in 0c25f12

if contentType == CTSingularJSON && queryTotal /= 1
then do
HT.condemn
return . errorResponseFor . singularityError $ queryTotal
else
return $ responseLBS status headers rBody

@wolfgangwalther
Copy link
Member

Mh... this makes it a duplicate of #1070. Closing here in favor of the other one, because there's some other ideas to solve that more generally for on conflict update etc.

@laurenceisla
Copy link
Member

laurenceisla commented Sep 16, 2022
edited
Loading

I'm reopening this because I think that turning the string to an empty array instead of failing may cause confusion when there's a mistake in sending a JSON object with extra escapes (which turns it into a string) and then returning a 201 as if the insert worked. A couple of examples are this SO question and this discussion

@laurenceisla laurenceisla reopened this Sep 16, 2022
@steve-chavez steve-chavez removed the http http compliance label Sep 16, 2022
@zoedsoupe zoedsoupe mentioned this issue Dec 27, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
4 participants
@steve-chavez @wolfgangwalther @laurenceisla @james-callahan