You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue a GET request with a valid identifier and an unacceptable query parameter, e.g., using the cURL command: curl -X GET 'http://example.com/users?_id=XYZ&foo=bar', where "XYZ" is a valid User ID.
Issue a GET request with only unacceptable query parameters, e.g., using the cURL command: curl -X GET 'http://example.com/users?foo=bar'.
Expected Result:
Server should respond with HTTP status code: 406 Not Acceptable.
Server should respond with HTTP status code: 406 Not Acceptable.
Actual Result:
Server responds with HTTP status code: 500 Internal Server Error.
Server responds with HTTP status code: 200 OK; response body is ALL records (i.e., no filtering).
The text was updated successfully, but these errors were encountered:
Pacifica Metadata version
1.0
Pacifica Core Software versions
n/a
Platform Details
All supported platforms.
Scenario:
The decorator functions in
metadata/rest/orm.pyshould white-list HTTP query parameters using the "Strong Parameters" technique (c.f., http://api.rubyonrails.org/classes/ActionController/StrongParameters.html).Steps to Reproduce:
Issue a GET request with a valid identifier and an unacceptable query parameter, e.g., using the cURL command:
curl -X GET 'http://example.com/users?_id=XYZ&foo=bar', where "XYZ" is a valid User ID.Issue a GET request with only unacceptable query parameters, e.g., using the cURL command:
curl -X GET 'http://example.com/users?foo=bar'.Expected Result:
Server should respond with HTTP status code: 406 Not Acceptable.
Server should respond with HTTP status code: 406 Not Acceptable.
Actual Result:
Server responds with HTTP status code: 500 Internal Server Error.
Server responds with HTTP status code: 200 OK; response body is ALL records (i.e., no filtering).
The text was updated successfully, but these errors were encountered: