fix(Http): Only allow valid HTTP status code values via template #49882
Conversation
provokateurin
changed the title
provokateurin
force-pushed
the
fix/http/template-valid-status-codes
branch
from
b7691e8 to
98b1635
Compare
| "type": "string", | ||
| "enum": [ | ||
| "attachment; filename=\"nextcloud.log\"" | ||
| ] |
There was a problem hiding this comment.
Should that be part of API definition 🤔
There was a problem hiding this comment.
I ignored it before, but with these changes psalm is very unhappy somehow.
IMO the proper fix would be to ignore this header completely in openapi-extractor.
There was a problem hiding this comment.
Not sure, would at least be good for devices to know if a file name is given, etc?
There was a problem hiding this comment.
Yes, although on the other hand I don't know how much sense it makes to specify the value that will be returned. Just saying that a string is returned should be good enough, the clients need to parse that anyway.
| @@ -7,16 +7,18 @@ | |||
| */ | |||
| namespace OCP\AppFramework\Http; | |||
|
|
|||
| use OCP\AppFramework\Http; | |||
There was a problem hiding this comment.
didnt this explode on some version of PHP because you can not import a class with the same name as a namespace?
There was a problem hiding this comment.
I never heard of that problem before and CI is green, so I don't think it's a problem here?
Signed-off-by: provokateurin <[email protected]>
Signed-off-by: provokateurin <[email protected]>
provokateurin
force-pushed
the
fix/http/template-valid-status-codes
branch
from
98b1635 to
7db694f
Compare
|
/backport to stable30 |
|
/backport to stable29 |
|
/backport to stable28 |
Summary
To prevent anyone from using invalid HTTP status codes.
Ideally it would be possible to re-use the
Sand so on template parameters when extending the parent templates, but psalm doesn't seem to support that.Checklist