Closed FrederickRauh closed 2 years ago
In production, the service validation should be fail-fast in order to make the attacks more difficult. If you return all errors at the same time, it is easier for attackers to forge a request. Here is an article I have written and hope it helps.
"Unless fail-fast is turned on in the configuration, all errors should be returned at the same time and this is the default behaviour."
Hey thanks for the anwser. Unfortunatly this does not seem to be the default behaviour. The validation method itself (doValidate in SchemaValidator) does not regarde the fail-fast variable and only returns the first error from the list of possible errors. The processingReport inside of the method, contains both errors that i force, however as stated it only returns the first error. As per your anwser: i totally understand that behaviour, however i just wanted to point this out, incase anybody else comes across it.
You are right. There are two components involved here. The json-schema-validator returns all validation errors by default but the openapi-validator is returning only the first error if there are more than one. Hope it clarifies the confusion here. Thanks.
Its not clear how I should configure this to return multiple errors?
@delanym You would need to modify doValidate in com/mservicetech/openapi/validation/SchemaValidator, to return a list instead of the first found error.
At the current stage the status object only returns a string containing one error. If multiple errors are present maybe a list of these should be returned.