Apigee handles empty form parameters nicely as long as they have an equals sign next to them, like the following:
param_with_value=bla&param_without_value=&another_param_with_value=bla
However, if the caller omits the equals sign next to param_without_value then Apigee will silently just not parse any of the form parameters that were sent in. That is to say, if you had a flow condition looking at the value of any form parameters they will just be empty.
Now the interesting part is that if you have a JavaScript policy with a simple context.getVariable("request.formparams.names") Apigee will throw an error like Execution of debug-policy failed on line 1 with error: Bad Form Data. The same happens if you do it in a Java callout, in which case you get the following exception:
com.apigee.rest.framework.BadRequestException{ code = protocol.http.BadFormData, message = Bad Form Data, associated contexts = []} at com.apigee.protocol.http.msg.Body.getFormParams(Body.java:79) at com.apigee.messaging.adaptors.http.message.HttpTransportMessage.getFormParams(HttpTransportMessage.java:310) at com.apigee.messaging.adaptors.http.message.HttpTransportMessage.getFormParamValue(HttpTransportMessage.java:336) at com.apigee.messaging.adaptors.http.message.HttpTransportMessage.getP.....
This means that Apigee does in fact have some sort of request parameter validation in place, but it silently accepts invalid input until you use it in a JS or Java policy.
There are a few ways that this can be solved with custom policies (e.g. have a JS or Java policy peek at request.formparams.names and raise a fault if that fails, or even apply a regular expression on the incoming request) but I'd rather have Apigee handle it for me.
Is there a way to tell Apigee not to accept such requests without having to add any custom policies to PreFlow?
Currently you must add custom policies. Typically your API will be doing other parameter validation that will pick this up when it cannot find a required parameter.
Thanks for sharing this with the community, I am sure this will help out others that come across this issue!
Many thanks, Sean
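One way to write the custom check discussed in this thread, as an added example that is not part of the original posts and is not Apigee's own parser: a JavaScript policy body that inspects the raw form body for a segment with no equals sign and records the result. The flow variable names formcheck.valid and formcheck.reason are hypothetical, and a separate RaiseFault step conditioned on formcheck.valid is assumed to reject the request.

```javascript
// Added example: strict pre-check for application/x-www-form-urlencoded bodies.
// It only flags the case described in the thread: a segment with no '='.

function isFormContentType(contentType) {
  // Ignore parameters such as "; charset=UTF-8" and compare case-insensitively.
  var mediaType = String(contentType || '').split(';')[0].trim().toLowerCase();
  return mediaType === 'application/x-www-form-urlencoded';
}

function findBadFormPairs(body) {
  var text = body == null ? '' : String(body);
  var bad = [];
  var segments = text.split('&');
  for (var i = 0; i < segments.length; i++) {
    var seg = segments[i];
    if (seg === '') continue; // assumption: empty segments ("a=1&&b=2") are tolerated
    if (seg.indexOf('=') === -1) {
      // Keep only a bounded prefix so the fault message stays small.
      bad.push({ index: i, segment: seg.slice(0, 64) });
    }
  }
  return bad;
}

function checkForm(contentType, body) {
  if (!isFormContentType(contentType)) return { valid: true, reason: '' };
  var bad = findBadFormPairs(body);
  if (bad.length === 0) return { valid: true, reason: '' };
  return {
    valid: false,
    reason: 'form segment ' + bad[0].index + ' has no "=": ' + bad[0].segment
  };
}

// Inside an Apigee JavaScript policy `context` exists; elsewhere this part is skipped.
if (typeof context !== 'undefined') {
  var result = checkForm(context.getVariable('request.header.Content-Type'),
                         context.getVariable('request.content'));
  // Hypothetical flow variable names, for a RaiseFault condition to test.
  context.setVariable('formcheck.valid', result.valid);
  context.setVariable('formcheck.reason', result.reason);
}
```

Because it reads request.content rather than request.formparams.names, the check does not depend on the Bad Form Data error being thrown.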