Properly reject non-json FromBody parameter binding #35976
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BrennanConroy
added
feature-minimal-actions
ghost
added
the
|
Did someone click "re-run failed jobs"? |
BrennanConroy
commented
Aug 31, 2021
davidfowl
approved these changes
Sep 2, 2021
BrennanConroy
force-pushed
the
brecon/contenttype
branch
from
a40e8c1 to
6112761
Compare
davidfowl
reviewed
Sep 2, 2021
| @@ -2393,7 +2451,7 @@ private class CustomTodo : Todo | |||
| Assert.Equal(typeof(CustomTodo), parameter.ParameterType); | |||
| Assert.Equal("customTodo", parameter.Name); | |||
|
|
|||
| var body = await context.Request.ReadFromJsonAsync<CustomTodo>(); | |||
| var body = await JsonSerializer.DeserializeAsync<CustomTodo>(context.Request.Body); | |||
There was a problem hiding this comment.
ReadFromJsonAsync throws for non json content type, and for testing I am sending Json without a json content type. I can make a separate type for the test to make it more focused.
|
/backport to release/6.0 |
|
Started backporting to release/6.0: https://github.com/dotnet/aspnetcore/actions/runs/1195893192 |
|
@BrennanConroy backporting to release/6.0 failed, the patch most likely resulted in conflicts: $ git am --3way --ignore-whitespace --keep-non-patch changes.patch
Applying: Properly reject non-json FromBody parameter binding
Using index info to reconstruct a base tree...
M src/Http/Http.Extensions/src/RequestDelegateFactory.cs
M src/Http/Http.Extensions/test/RequestDelegateFactoryTests.cs
Falling back to patching base and 3-way merge...
Auto-merging src/Http/Http.Extensions/test/RequestDelegateFactoryTests.cs
Auto-merging src/Http/Http.Extensions/src/RequestDelegateFactory.cs
CONFLICT (content): Merge conflict in src/Http/Http.Extensions/src/RequestDelegateFactory.cs
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Properly reject non-json FromBody parameter binding
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Error: The process '/usr/bin/git' failed with exit code 128Please backport manually! |
|
/backport to release/6.0 |
|
Started backporting to release/6.0: https://github.com/dotnet/aspnetcore/actions/runs/1196025743 |
amcasey
added
area-minimal
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #35856