-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add request limits on accept, content-type, and content-length headers #502
base: master
Are you sure you want to change the base?
feat: add request limits on accept, content-type, and content-length headers #502
Conversation
I tried to follow the style guidelines and way of working, please let me know if I did anything wrong. Happy to help! 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good from my end. I only have some questions that other maintainers (@dustinmoris) should weigh in on.
So far Giraffe doesn't have many error messages it returns that are hard coded. I could only find one place where we do it. I'm wary of having error messages like this hard coded for localization and even preference reasons. However I'm unsure of how to resolve this easily within this library.
Maybe we can have a different set of functions that takes in a custom error HTTP handler. There maybe needed two, as we check both on the presence of the header and whether the header has the correct value. let haveContentTypesCustom contentTypes errorHandler = // ... |
I'd prefer to make the first parameter of each of these handlers to accept an error handler. It's not just about changing the message, but the entire response should be flexible. For example an API could return this as a JSON object or plain text response but a website might want to render a HTML page with the error displayed. Here's an example of where this approach has already been taken: Of course in the final user application one would define that handler only once and then use the new handler for everything else, e.g.:
|
Ok, that's fine by me! 👍 I'll change this to your needs. |
8d8c744
to
0dfc6a1
Compare
This feature looks pretty cool! |
Adds request guards/limitation on:
Accept
headerContent-Type
headerContent-Length
headerWith user-friendly error http responses.
Closes #392