REST handlers silently ignore request body if unexpected #76694
Labels
>bug
:Core/Infra/REST API
REST infrastructure and utilities
Team:Core/Infra
Meta label for core/infra team
Comments
|
Pinging @elastic/es-core-infra (Team:Core/Infra) |
|
What version was this on? That should have been fixed already in 7.0: #37504 |
|
Bah sorry for the noise, I guess they must have been using 6.8.x. It does look to be fixed indeed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In https://discuss.elastic.co/t/ilm-retry-api-not-honoring-timeouts/281772 a user reported confusion over the way that Elasticsearch ignored the parameters in this request:
The immediate solution was to move the parameters into the URL where they belong, but the question highlights a broader problem: if an API endpoint expects a request body then we parse the body fairly strictly and reject requests that contain unexpected things, but if the endpoint doesn't expect a body at all then we seem to leniently accept requests with a body anyway. Silently ignoring input like this is confusing, and I think we should have rejected this request with a
400 Bad requestinstead.The text was updated successfully, but these errors were encountered: