Currently, in jsonapi/src/Controller/RequestHandler.php Line: 115. deserializeBody() keeps going if the body received is not null. This would throw an error when someone use GET/DELETE but accidentally sent something in the body alongside.

A slightly friendly way to line 115 is to also check the method. If it's POST or PATCH, then ignore the body. Or do this checking before deserializeBody() is even called.

Members fund testing for the Drupal project. Drupal Association Learn more

Comments

skyredwang created an issue. See original summary.

skyredwang’s picture

Priority: Normal » Minor
dawehner’s picture

For the implementation I guess we can use $request->isMethodSafe()

Wim Leers’s picture

Nice find :)

And #3++.

e0ipso’s picture

Title: deserializeBody() should be skipped if request method is not POST or PATCH » Skip body deserialization for safe methods

+1

Updated title.

skyredwang’s picture

Status: Active » Needs review
FileSize
701 bytes

Based #3, here is the patch

Status: Needs review » Needs work

The last submitted patch, 6: skip_body-2860073-6.patch, failed testing.

skyredwang’s picture

Status: Needs work » Needs review

This patch has correct path.

skyredwang’s picture

Status: Needs review » Needs work

The last submitted patch, 9: skip_body-2860073-8.patch, failed testing.

Grimreaper’s picture

Assigned: Unassigned » Grimreaper

Fixing the tests.

Grimreaper’s picture

Assigned: Grimreaper » Unassigned
Status: Needs work » Needs review
FileSize
1.76 KB
696 bytes

Here is a patch fixing the tests.

dawehner’s picture

Status: Needs review » Reviewed & tested by the community

This looks perfect for me

Wim Leers’s picture

+1

  • e0ipso committed c7f67d3 on 8.x-1.x authored by Grimreaper
    feat(Serialization): Avoid unnecessary deserialization (#2860073 by...
e0ipso’s picture

Status: Reviewed & tested by the community » Fixed

This was committed. Thanks for working on this!

Grimreaper’s picture

Thanks for the commit.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.