Skip to content

Commit 5a7ca66

Browse files
committed
forbid invalid fields in sqlpage.fetch http request definitions
1 parent 4c88bd7 commit 5a7ca66

File tree

3 files changed

+6
-1
lines changed

3 files changed

+6
-1
lines changed

CHANGELOG.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
- New `options_source` parameter in the form component. This allows to dynamically load options for dropdowns from a different SQL file.
1717
- This allows easily implementing autocomplete for form fields with a large number of possible options.
1818
- In the map component, add support for map pins with a description but no title.
19-
- Improved error messages when a parameter of a sqlpage function is invalid. Error traces used to be truncated, and made it hard to understand the exact cause of the error in some cases. In particular, calls to `sqlpage.fetch` would display an unhelpful error message when the HTTP request definition was invalid.
19+
- Improved error messages when a parameter of a sqlpage function is invalid. Error traces used to be truncated, and made it hard to understand the exact cause of the error in some cases. In particular, calls to `sqlpage.fetch` would display an unhelpful error message when the HTTP request definition was invalid. `sqlpage.fetch` now also throws an error if the HTTP request definition contains unknown fields.
2020
- Make the `headers` field of the `sqlpage.fetch` function parameter optional. It defaults to sending a User-Agent header containing the SQLPage version.
2121

2222
## 0.32.1 (2025-01-03)

src/webserver/database/sqlpage_functions/http_fetch_request.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ fn default_headers<'a>() -> HeaderVec<'a> {
2121

2222
#[derive(serde::Deserialize, Debug)]
2323
#[serde(expecting = "an http request object, e.g. '{\"url\":\"http://example.com\"}'")]
24+
#[serde(deny_unknown_fields)]
2425
pub(super) struct HttpFetchRequest<'b> {
2526
#[serde(borrow)]
2627
pub url: Cow<'b, str>,
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
select sqlpage.fetch('{
2+
"url": "https://example.com",
3+
"invalid_field": "should fail"
4+
}')

0 commit comments

Comments
 (0)