Kinto / kinto

A generic JSON document store with sharing and synchronisation capabilities.
http://docs.kinto-storage.org/

Should we make querystrings reserved words? #1004

Open gabisurita opened 7 years ago

gabisurita commented 7 years ago

I think maybe we shouldn't, to keep a simple schema, but we should put a big warning about this in the docs. We can do some crazy things with them:

$ echo '{"data": {"_limit": 5}}' | http put localhost:8888/v1
{
    "data": {
        "_limit": 5,
        "id": "b1",
        "last_modified": 1482506056818
    },
    "permissions": {
        "write": [
            "basicauth:902db65276f24f6f084cd57fddb1bb3835054d27858a606f59410e8c227465e2"
        ]
    }
}

$ http get localhost:8888/v1/buckets?_limit=1 -a a:a
{
    "data": [
        {
            "_limit": 5,
            "id": "b1",
            "last_modified": 1482506056818
        }
    ]
}

$ echo '{"data": {"min_field": "10", "field": 5}}' | http put localhost:8888/v1/buckets/b1 -a a:a
{
    "data": {
        "field": 5,
        "id": "b1",
        "last_modified": 1482505784675,
        "min_field": 10
    },
    "permissions": {
        "write": [
            "basicauth:902db65276f24f6f084cd57fddb1bb3835054d27858a606f59410e8c227465e2"
        ]
    }
}

$ http get localhost:8888/v1/buckets?min_field=10 -a a:a
{
    "data": []
}

leplatrem commented 7 years ago

:)

Indeed... I wouldn't be against raising a 400 when a record uses a reserved word, but that may be a bit radical, I don't know!

gabisurita commented 7 years ago

Maybe we could send just a warning. Can we use the Alert header for this?

Natim commented 7 years ago

I like your suggestion about the Alert header because we don't break any API. However, I am not against raising a 400 because the API starts to be broken with an undefined behavior as soon as people start to use _sort and _limit in their records.
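
The two options discussed in this thread (reject with a 400, or accept and warn through a header), sketched as an added example that is not code from Kinto or from any participant. The function names, the `ReservedFieldError` class and the header payload shape are assumptions, and the reserved lists contain only the names that appear in this issue.

```python
import json

# Illustrative subset taken from this thread; extend it with the full list
# of query parameters and filter prefixes your API version documents.
RESERVED_PARAMS = {"_limit", "_sort"}
RESERVED_PREFIXES = ("min_",)


class ReservedFieldError(ValueError):
    """Maps to an HTTP 400 response in strict mode (hypothetical)."""


def find_reserved_fields(record):
    """Return top-level field names that collide with the querystring."""
    return sorted(
        name for name in record
        if name in RESERVED_PARAMS or name.startswith(RESERVED_PREFIXES)
    )


def check_record(record, strict=False):
    """Reject (strict) or flag (non-strict) a record before it is stored.

    Returns the extra response headers to send; empty when the record is clean.
    """
    clashes = find_reserved_fields(record)
    if not clashes:
        return {}
    message = "Fields shadow querystring parameters: " + ", ".join(clashes)
    if strict:
        raise ReservedFieldError(message)
    # Assumed payload shape for the warning header.
    return {"Alert": json.dumps({"message": message, "fields": clashes})}


if __name__ == "__main__":
    # Constructed payloads mirroring the two requests in the issue.
    for body in ({"_limit": 5}, {"min_field": "10", "field": 5}, {"title": "ok"}):
        print(body, "->", check_record(body))
```

Running the check on write rather than on read means a stored field can never silently change how a later list request is filtered or paginated.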