Skip to content

Clarify processing rules for malformed ext and profile members of JSON:API object #1607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 10, 2022
Merged

Clarify processing rules for malformed ext and profile members of JSON:API object #1607

merged 3 commits into from
Jun 10, 2022

Conversation

jelhan
Copy link
Contributor

@jelhan jelhan commented Feb 4, 2022

The applied extension and profiles must be provided as ext and profile media type parameters of Content-Type header. Additionally they may be listed as jsonapi.ext and jsonapi.profile member of a JSON:API document.

This opens up the possibility of having different values in both places. So far the specification has not defined processing rules for such malformed documents.

This clarifies that a client and server must honor the Content-Type header in case of a conflict. Additionally it clarifies that they should not reject the document but ignore the invalid jsonapi.ext and/or jsonapi.profile members.

Ignoring them in case of a conflict rather than rejecting the document allows server and clients to not process them at all - even if present. This avoids computing overhead just for the sake of validating the document.

Closes #1359

@jelhan
Clarify processing rules for malformed ext and profile members of…
9e6092a 
… JSON:API object

The applied extension and profiles must be provided as `ext` and `profile` media type parameters of `Content-Type` header. Additionally they may be listed as `jsonapi.ext` and `jsonapi.profile` member of a JSON:API document.

This opens up the possibility of having different values in both places. So far the specification has not defined processing rules for such malformed documents.

This clarifies that a client and server must honor the `Content-Type` header in case of a conflict. Additionally it clarifies that they should not reject the document but ignore the invalid `jsonapi.ext` and/or `jsonapi.profile` members.

Ignoring them in case of a conflict rather than rejecting the document allows server and clients to _not_ process them at all - even if present. This avoids computing overhead just for the sake of validating the document.
@jelhan jelhan added this to the JSON-API 1.1-beta milestone Feb 4, 2022
@jelhan jelhan requested a review from dgeb February 13, 2022 15:30
@dgeb dgeb mentioned this pull request May 8, 2022
Closed
@dgeb
Copy link
Member

dgeb commented May 8, 2022

I agree entirely with the sentiment behind this PR, which is that content negotiation should occur using headers (Content-Type and Accept) rather than the members of the jsonapi object. And I would also say that validation of this object is entirely optional. But I'm not sure that the normative change in this PR is quite right.

I believe that the guarantees we want to provide are:

  • These members, if present, MUST match the corresponding media type parameters.
  • Because these members are entirely optional they MUST NOT be used for content negotiation.

I think this combination of guarantees should prevent unnecessary validation while still providing a reasonable assumption of correctness if these members are present.

@jelhan what do you think? Would this combination of normative changes address your concerns?

jelhan
jelhan commented May 10, 2022
View reviewed changes
Copy link
Contributor Author

@jelhan jelhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I think your proposal makes sense. Enforcing validation was not my intent. I provided a potential rewording as review comment.

To be honest I'm not sure what value ext and profile members of jsonapi provide. They seem to only duplicate information already available in Content-Type header. Not sure if I missed a relevant discussion about the use cases they address.

@dgeb @jelhan
Update _format/1.1/index.md
6f2621a 
Co-authored-by: Jeldrik Hanschke <jelhan@users.noreply.github.com>
dgeb
dgeb reviewed Jun 10, 2022
View reviewed changes
dgeb
dgeb approved these changes Jun 10, 2022
View reviewed changes
Copy link
Member

@dgeb dgeb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the adjustments, @jelhan. Another good clarification!

@dgeb dgeb merged commit f1a2fcd into json-api:gh-pages Jun 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgeb dgeb dgeb approved these changes

@auvipy auvipy auvipy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1
Development

Successfully merging this pull request may close these issues.
3 participants
@jelhan @dgeb @auvipy
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy