This results in the greeting parameter being sent in three different places (URI, path parameters and body), without it being clear which one is actually used. This can actually be a security issue in some circumstances if the end user can get these out of sync, if the security check is performed on one value but the implementation uses a different one.
A side effect of the current implementation is that the runtime must map the path and query parameters into the body. We should investigate how we can handle this better, to allow the runtimes to map the parameters how they would like, and to not mix request parameters and body JSON in the same object.
At the moment if you have a HTTP request for
/hello/{greeting}
it is sent over the wire as an object that looks like this:This results in the greeting parameter being sent in three different places (URI, path parameters and body), without it being clear which one is actually used. This can actually be a security issue in some circumstances if the end user can get these out of sync, if the security check is performed on one value but the implementation uses a different one.
A side effect of the current implementation is that the runtime must map the path and query parameters into the body. We should investigate how we can handle this better, to allow the runtimes to map the parameters how they would like, and to not mix request parameters and body JSON in the same object.