JsonApi service singleton and parseError

dinevillar / adonis-json-api-serializer

An AdonisJS framework wrapper for https://github.com/danivek/json-api-serializer to have API response formatted according to the JSON API Specification (http://jsonapi.org/)

MIT License

16 stars 3 forks source link

JsonApi service singleton and parseError #1

Open moltar opened 6 years ago

moltar commented 6 years ago

Maybe I am not understanding something, so I apologize ahead.

But it appears that JsonApi aka JsonApi/Service/JsonApiService is registered as a singleton. Which means there is only one instance of this service for the whole app. But the service singleton keeps state via pushError/jsonApiErrors. This means that there is potential for race condition and errors of one client leaking to another.

moltar commented 6 years ago

Ok, I can confirm that errors are indeed leaking between requests.

jcfinnerup commented 5 years ago

Hi guys,

This seems quite critical if im not mistaken? Could you perhaps add a security warning to the readme and mark this as a bug?