Different `unknown` arguments behaviour locally vs on production

[koko236]

This is a bit of a sanity check question and I'm not sure which library I should post it in, sorry about that.

TLDR: Q: Is there a flag which disables check for extra params in request locally / in debug / dev scenario? I seem to experience such a thing.

I have Flask app (Flask==2.3.3) with: flask-smorest==0.42.3, marshmallow==3.20.1, webargs==8.4.0.

I have Marshmallow schema defined with a few fields and a Smorest blueprint endpoint with arguments decorator which expects a SUBSET of the schema (no id, date_created, etc.):

    @blp.arguments(ItemSchema(only=("name", "description", "language")))
    @blp.response(201, ItemSchema)
    @auth_token_required()
    def put(self, data, project_uuid, site_uuid):

What happens is when I run this locally (in Docker but in dev mode) I can run PUT request with extra params and it goes through, but when I run the same code on remote server with production settings I get '"Unknown field" errors for the extra fields.

What's more I added unknown=ma.EXCLUDE:

@blp.arguments(ItemSchema(only=("name", "description", "language"), unknown=ma.EXCLUDE))

which solves the problem on the remote server. But even if I tried to set it explicitly to RAISE it is still ignored locally - I can pass extra arguments without errors. These settings seem to be completely ignored. Is there any obvious thing that may affect it?

[lafrech]

You may want to double-check the marshmallow versions are the same, and perhaps the webargs versions too.

-- Jérôme

[koko236]

Thanks for suggestion @lafrech. They are installed during Docker Compose build from requirements.txt file which is the same for both envs. I rebuild the containers all the time and if requirements.txt changes it triggers pip install so I don't see how they could differ.