fix: skip request body validation gracefully instead of throwing error#2204
Open
kouzitech wants to merge 1 commit into
Open
fix: skip request body validation gracefully instead of throwing error#2204kouzitech wants to merge 1 commit into
kouzitech wants to merge 1 commit into
Conversation
This commit fixes request body validation being skipped or reported as unsupported for certain paths or HTTP methods (Issue asyncapi#1987). Two bugs were fixed: 1. Unsafe access to requestBody.content['application/json'].schema caused TypeError when application/json was not a content type (e.g., multipart/form-data, text/plain, or missing entirely). 2. When compileAjv() returned undefined (because the method has no requestBody, like GET/DELETE, or the requestBody has no JSON schema), the middleware incorrectly threw 'Request body validation is not supported' error. This is wrong - methods without request bodies simply don't need body validation, and endpoints with non-JSON content types should silently skip rather than error. Changes: - Added findContentSchema() helper function that safely finds a schema from any content type, prioritizing application/json but falling back to any available schema - Changed validation middleware to skip body validation (not throw error) when no schema is defined - Added comprehensive tests for all edge cases This ensures: - Request body validation works for all paths/methods - No false 'unsupported' errors for endpoints without request bodies - Invalid request bodies are properly validated when schema exists - Non-JSON content types with schemas are properly supported Fixes asyncapi#1987
kouzitech
requested review from
AayushSaini101,
Amzani,
Shurtu-gal,
Souvikns and
asyncapi-bot-eve
as code owners
🦋 Changeset detectedLatest commit: 828a680 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
2 tasks
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix for Issue #1987: Request body validation is skipped for some paths or HTTP methods
Summary
This PR fixes the request body validation bug where validation was incorrectly reported as unsupported for certain paths or HTTP methods.
The Bug
Two specific issues occurred:
Unsafe property access to requestBody.content["application/json"].schema caused TypeError when the content type was not application/json.
When compileAjv() returned undefined, the middleware incorrectly threw a Request body validation is not supported error.
The Solution
Added findContentSchema() helper that safely finds a schema from any content type.
Changed validation middleware to skip body validation (not throw error) when no schema is defined.
Benefits
Fixes #1987
This PR is part of the MICROGRANT Program 2026-05 #2125