Closed reneeb closed 4 years ago
I'm sorry, but I won't take this PR. I don't think it's a good idea to validate the request two times, and the PR also does not refactor the existing validation logic, making the code harder to maintain.
If you want to know if the $tx
is generated from the client side, then I suggest we add a method and/or utility function for that. I would however like to know in which situation that is useful, before adding it.
I don't understand the "But the HTTP method could be wrong" comment.
The method/utility function would be nice...
I don't understand the "But the HTTP method could be wrong" comment.
When you run the script in https://gist.github.com/reneeb/278b9caaf9cbc3a7bec898a20aa6783a , you'll see the output shown in the DATA section. As you can see, it reports a GET request while the endpoint needs a POST request.
When you don't know this behaviour, this is quite confusing.
I just made a new release with two changes:
$tx->remote_address
to see if it was generated locally or not.Thank you!
One could check for the code of call()'s response. But that could be misleading. If an validation error occurs, a transaction object is build with the code 400. But the HTTP method could be wrong. E.g. the called operation requires a POST request, but a validation error occurs, the http method of the transaction is GET.
Furthermore it's not clear that the request isn't sent and the response is built by the module
Having those validation methods it's easy to check the parameters before call() is called.