"path parameters MUST NOT contain any unescaped “generic syntax” characters"

OAI / OpenAPI-Specification

The OpenAPI Specification Repository

https://openapis.org

Apache License 2.0

28.82k stars 9.07k forks source link

"path parameters MUST NOT contain any unescaped “generic syntax” characters" #2804

Closed karenetheridge closed 4 months ago

karenetheridge commented 2 years ago

at https://spec.openapis.org/oas/v3.1.0#path-templating:

The value for these path parameters MUST NOT contain any unescaped “generic syntax” characters described by [RFC3986]: forward slashes (/), question marks (?), or hashes (#).

Is this referring to the name of the path parameter, or the value itself?

For example, for the path template /pets/{petId}, is it "petId" itself (which is the name clause in the parameter specification) that cannot contain these characters -- that is, a restriction on the openapi document itself? or is it the value of this parameter, at runtime, that cannot contain these characters, for example "cat_01" in the URI /pets/cat_01?

Either way, the language in the specification here could do with a little tightening.

This question has also come up in https://github.com/OAI/OpenAPI-Specification/issues/2564.

hkosova commented 2 years ago

Is this referring to the name of the path parameter, or the value itself?

The value itself. See #291 and #892#issuecomment-281170254. This sentence was added to indicate that the value of a path parameter cannot result in additional path segments.

hkosova commented 2 years ago

I wonder if the names of path parameters are supposed to be restricted to the varname ABNF from RFC 6570, URI Template. OAS itself currently places no restrictions on path parameter names so technically a space " " can be considered be a valid name.

karenetheridge commented 2 years ago

In that case, commit ce732af10 should be reverted, and possibly replaced with something else - even if just ^[^}]+$ (the name of path parameters can be anything as long as it doesn't contain a closing curly brace -- or are escaped curlies allowed in a path name?).

(I see quite a lot of discussion in old tickets about supporting more of the RFC 6570 syntax in the path specification -- I hope it is still under consideration!)

handrews commented 7 months ago

@karenetheridge did PR #3415 getting merged address everything for this issue?

github-actions[bot] commented 7 months ago

This issue has been labeled with No recent activity because there has been no recent activity. It will be closed if no further activity occurs within 28 days. Please re-open this issue or open a new one after this delay if you need to.

handrews commented 4 months ago

Looking at this more closely, it was definitely fixed by PR #3415. Closing!