Closed subnetmarco closed 8 years ago
API names probably shouldn't be allowed to contain URI characters
So these are the ones to exclude;
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
(from https://tools.ietf.org/html/rfc3986#section-2.2)
right?
@Tieske Yes - and I would also include "
It might be worth reusing this code (a whitelist of allowed characters for API path
): https://github.com/Mashape/kong/blob/master/kong/dao/schemas/apis.lua#L61
I wanted to implement a URL decode middleware in the Admin API, but so far it seems like Lapis cannot differentiate path parameters than POST or GET parameters. For now I restricted the name property to only contain unreserved characters (that is, only . - _ ~
, not that spaces are not supported)
If I find a way to percent-decode path parameters only we could support names with reserved characters and spaces.
e.g., 'my/api/name', though requesting it as 'my%2Fapi%2Fname'