openapi3filter: fix bug where absent optional properties fail validation in form-urlencoded requests #1110
+103
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thierry-f-78
force-pushed
the
issue_params_validator_urlencoded
branch
from
d800fd2 to
b5c6e1c
Compare
…urlencoded requests When decoding application/x-www-form-urlencoded request bodies, absent optional properties were incorrectly treated as null values and validated against the schema, causing "Value is not nullable" errors. Now, absent properties are skipped entirely during validation, which is the correct behavior for optional fields.
thierry-f-78
force-pushed
the
issue_params_validator_urlencoded
branch
from
b5c6e1c to
b6c8ca4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
openapi3filter: fix bug where absent optional properties fail validation in form-urlencoded requests
Summary
Fix validation of absent optional properties in
application/x-www-form-urlencodedrequest bodies.The Bug
When a form-urlencoded request body has multiple optional properties defined in the schema, and only some of them are sent in the request, the validation incorrectly fails with:
Reproduction case:
param1andparam2param1=value1param2is treated asnullNote: the bug only manifests when at least one property is present. An empty body passes validation.
The Fix
When decoding properties, skip absent ones entirely instead of adding them as
nullto the decoded object:Specification Analysis
Absent vs Null: Two Distinct Concepts
According to OpenAPI Specification discussions:
This clearly distinguishes:
nullableNo Native Null in form-urlencoded
RFC 1866 defines form-urlencoded as key=value pairs where:
param=value→ string valueparam=→ empty string""The RFC states: "Fields with null values may be omitted" — but here "null" means "no value" in HTML form semantics, not the JSON
nulltype.There is no native way to represent JSON
nullin form-urlencoded.Ambiguity:
nullablein form-urlencodedThe OpenAPI 3.0.3 specification does not define how
nullable: trueshould behave for form-urlencoded content. It only references RFC 1866 for serialization rules.This means
nullableis arguably meaningless for form-urlencoded bodies, since there's no standard way to send an explicit null value. This is a spec ambiguity, not something this PR attempts to resolve.What This PR Does
requiredvalidation ornullablesemantics (separate concerns)