hapifhir / hapi-fhir

🔥 HAPI FHIR - Java API for HL7 FHIR Clients and Servers
http://hapifhir.io
Apache License 2.0

Invalid search parameters prefixed with "_" not being rejected even with search prefer handling set to strict #2728

Open IanMMarshall opened 3 years ago

IanMMarshall commented 3 years ago

Describe the bug
According to the HAPI FHIR documentation and the FHIR Specification, FHIR requests with invalid search parameters should be rejected if strict search preference is enabled (the default setting in HAPI FHIR). However, if an invalid search parameter is prefixed with an underscore, "_", HAPI FHIR seems to be ignoring the parameter rather than rejecting the request.

To Reproduce
Steps to reproduce the behavior:

  1. Launch JPA Server instance with a FHIR endpoint that has SearchPreferHandlingInterceptor registered with default behaviour set to "strict".
  2. Load one or more patients.
  3. Submit search request with an invalid search parameter prefixed with "_", e.g. GET /Patient/?_anyThing=alsodoesntmatter.
  4. Returns all Patient resources.

Expected behavior
Expect the search request to be rejected.

springroll12 commented 2 years ago

Any update on this? We are experiencing this exact issue but have not found a workaround as of yet.

IanMMarshall commented 2 years ago

No, not yet. I had planned to look into this myself as I had a client who reported this issue, but then the client decided that this was not so important after all.

asharafkk commented 1 year ago

Is this issue fixed or configurable? (An invalid search parameter with an underscore ("_") is ignored.) I found a potential problem when using DELETE expunge. Example: DELETE {baseUrl}/Device?_idx=12345&_expunge=true. Here, the wrong parameter _idx is used instead of _id, but all Device resources are delete-expunged from the system. Any comments/pointers highly appreciated.
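The two reports above describe the same failure mode from two sides: an unknown "_"-prefixed parameter is dropped instead of rejected, so `GET /Patient/?_anyThing=...` matches every Patient, and `DELETE /Device?_idx=...&_expunge=true` matches every Device. The following is an added example, not code from HAPI FHIR or from anyone in this thread. It models in plain Python what strict search-prefer handling is expected to do, alongside the lenient behaviour actually observed, and adds a client-side preflight for conditional deletes that refuses a request whose filters did not all survive validation. The base URL, the function names (`classify`, `validate_search`, `preflight_conditional_delete`) and the partial per-resource search-parameter lists are constructed for the example; the "_" parameter names are the FHIR R4 spec's, and `_expunge`/`_cascade` are the HAPI operation parameters named in this thread.

```python
"""Strict validation of FHIR search parameters (added example, not HAPI FHIR code).

Every query parameter must be either a spec-defined "_" parameter or a search
parameter defined for the resource type. Anything else is rejected, whether or
not it starts with "_", instead of being silently dropped and thereby widening
the query to every resource of that type.
"""
from urllib.parse import parse_qsl, urlsplit

# "_"-prefixed search parameters the FHIR R4 spec defines for all resources.
COMMON_PARAMS = {"_id", "_lastUpdated", "_tag", "_profile", "_security",
                 "_text", "_content", "_list", "_has", "_type", "_source"}
# Result-shaping parameters: they filter nothing, so they never count as criteria.
RESULT_PARAMS = {"_sort", "_count", "_include", "_revinclude", "_summary", "_total",
                 "_elements", "_contained", "_containedType", "_format", "_pretty"}
# HAPI operation parameters used by the DELETE example in this thread.
DELETE_PARAMS = {"_expunge", "_cascade"}

# Constructed, deliberately partial per-resource search parameter lists.
RESOURCE_PARAMS = {
    "Patient": {"identifier", "name", "family", "given", "birthdate", "gender", "active"},
    "Device": {"identifier", "patient", "status", "type", "manufacturer", "udi-carrier"},
}


class UnknownSearchParameter(ValueError):
    """Raised in strict mode for a parameter the server does not understand."""


def base_name(param: str) -> str:
    """Strip modifier and chain suffixes: 'name:exact' -> 'name', 'patient.name' -> 'patient'."""
    return param.split(":", 1)[0].split(".", 1)[0]


def classify(url: str, extra_allowed=frozenset()):
    """Split the query into (accepted, rejected) for the resource type in the URL path."""
    parts = urlsplit(url)
    resource_type = parts.path.rstrip("/").rsplit("/", 1)[-1]
    if resource_type not in RESOURCE_PARAMS:
        raise UnknownSearchParameter(f"unknown resource type {resource_type!r}")
    allowed = RESOURCE_PARAMS[resource_type] | COMMON_PARAMS | RESULT_PARAMS | set(extra_allowed)
    accepted, rejected = {}, []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if base_name(name) in allowed:
            accepted.setdefault(name, []).append(value)
        else:
            rejected.append(name)
    return accepted, rejected


def validate_search(url: str, strict: bool = True, extra_allowed=frozenset()):
    """strict=True: reject the whole request on any unknown parameter (expected behaviour).
    strict=False: drop unknown parameters and continue (the behaviour reported in this issue)."""
    accepted, rejected = classify(url, extra_allowed)
    if rejected and strict:
        raise UnknownSearchParameter("unknown search parameter(s): " + ", ".join(rejected))
    return accepted


def preflight_conditional_delete(url: str) -> dict:
    """Client-side guard for DELETE {base}/Type?criteria: validate strictly and require at
    least one real filtering criterion, so a typo such as _idx can never reach the server
    as a delete of every resource of the type."""
    accepted = validate_search(url, strict=True, extra_allowed=DELETE_PARAMS)
    criteria = [n for n in accepted if base_name(n) not in RESULT_PARAMS | DELETE_PARAMS]
    if not criteria:
        raise UnknownSearchParameter("conditional delete carries no filtering criteria")
    return accepted


if __name__ == "__main__":
    base = "https://fhir.example.org/baseR4"  # constructed base URL
    # The GET from the report: lenient handling silently matches every Patient.
    print("lenient:", validate_search(f"{base}/Patient/?_anyThing=alsodoesntmatter", strict=False))
    try:
        validate_search(f"{base}/Patient/?_anyThing=alsodoesntmatter")
    except UnknownSearchParameter as e:
        print("strict:", e)
    # The DELETE from the thread: _idx is a typo for _id and must be refused before sending.
    for q in ("_idx=12345&_expunge=true", "_id=12345&_expunge=true", "_expunge=true"):
        try:
            print("send:", preflight_conditional_delete(f"{base}/Device?{q}"))
        except UnknownSearchParameter as e:
            print("refused:", e)
```

Run as a script it prints the lenient result `{}` for the `_anyThing` query (an empty filter, which is exactly why every Patient comes back), then the strict rejection, then one accepted and two refused DELETE preflights. The preflight treats result-shaping and operation parameters as non-criteria on purpose: `_expunge=true` alone is a valid parameter set but still an unfiltered delete, and a client should notice that before the server does.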