beam-community / jsonapi

JSON:API Serializer and Query Handler for Elixir
https://hex.pm/packages/jsonapi
MIT License
495 stars 78 forks

JSONAPI.ContentTypeNegotiation ignores some methods for validation #320

Open ravecat opened 3 months ago

ravecat commented 3 months ago

Thank you for your work, I am integrating your lib into my application and I have a question.

I looked at the source code of JSONAPI.ContentTypeNegotiation for validation and I'm surprised that it's ignoring some of the methods

  def call(%{method: method} = conn, _opts) when method in ["DELETE", "GET", "HEAD"], do: conn

  def call(conn, _opts) do
    conn
    |> content_type
    |> accepts
    |> respond
  end

because the spec requires that communication between the client and servers should be done with the application/vnd.api+json header.

Could you clarify that point?

mattpolzin commented 3 months ago

The referenced plug specifically checks that the Content-Type request header is valid. Since that header specifies the type of the request body, it is not relevant for HEAD, GET, or DELETE requests. One could theoretically be a stickler and deny a request that has no body but still specifies a Content-Type (of any value), but that’s probably rarely done in practice.

mattpolzin commented 3 months ago

On second thought, since the plug does bother to validate the accept header as well, it does look like a bug that it ignores some http verbs. Would be better if it validated content-type and accept for put/post/patch and still validated accept for get requests.
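The behaviour suggested in the comment above, sketched as an added example that is not part of the thread and not the jsonapi library's code: Accept is checked on every method, Content-Type only on PATCH/POST/PUT. The module name is hypothetical, it assumes the Plug dependency is available, and rejecting a missing Content-Type with 415 and ignoring `q` weights are assumptions of this sketch.

```elixir
defmodule MyAppWeb.Plugs.JSONAPINegotiation do
  # Hypothetical plug for illustration; not the library's implementation.
  @behaviour Plug
  import Plug.Conn

  @media_type "application/vnd.api+json"
  @body_methods ["PATCH", "POST", "PUT"]

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    cond do
      conn.method in @body_methods and not valid_content_type?(conn) -> reject(conn, 415)
      not acceptable?(conn) -> reject(conn, 406)
      true -> conn
    end
  end

  # Content-Type must be the JSON:API media type with no parameters
  # (JSON:API 1.0 wording; 1.1 additionally permits ext and profile).
  # Assumption: a missing Content-Type on a body-carrying method is rejected.
  defp valid_content_type?(conn) do
    case get_req_header(conn, "content-type") do
      [value | _] -> parse(value) == {@media_type, []}
      [] -> false
    end
  end

  # Accept fails only when the JSON:API media type is listed and every
  # instance of it carries media type parameters. A missing Accept header
  # or one that never names the JSON:API type passes through.
  defp acceptable?(conn) do
    jsonapi =
      conn
      |> get_req_header("accept")
      |> Enum.flat_map(&String.split(&1, ","))
      |> Enum.map(&parse/1)
      |> Enum.filter(fn {type, _params} -> type == @media_type end)

    jsonapi == [] or Enum.any?(jsonapi, fn {_type, params} -> weightless(params) == [] end)
  end

  # Splits "type/subtype; a=b; c=d" into {"type/subtype", ["a=b", "c=d"]}.
  defp parse(value) do
    [type | params] = value |> String.downcase() |> String.split(";") |> Enum.map(&String.trim/1)
    {type, params}
  end

  # q is an Accept weight, not a media type parameter, so it is ignored here.
  defp weightless(params), do: Enum.reject(params, &String.starts_with?(&1, "q="))

  defp reject(conn, status), do: conn |> send_resp(status, "") |> halt()
end
```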

ravecat commented 3 months ago

@mattpolzin thank you for your answer

I updated the MIME configuration according to the docs; this will allow control of content at the application level

config :mime, :types, %{
  "application/vnd.api+json" => ["json-api"]
}

and my pipeline

  pipeline :api do
    plug :accepts, ["json-api"]
    plug JSONAPI.EnsureSpec
    plug JSONAPI.Deserializer
    plug JSONAPI.UnderscoreParameters
  end

mattpolzin commented 3 months ago

Looking good!