"Equal" sign optional in "application/x-www-form-urlencoded" results in unparseable query #12381
Description
First of all, I create question on stack overflow for this, before submit this issue : post
Hello in my project built on ASP.NET Core 2.2, I need to implement webhook to handle "notification" from a third-party API.
We deploy it, then we test it but every requests fall in 400 bad request.
I investigate, then I detect that the body of sended requests (application/x-www-form-urlencoded) contains a "missing" equal sign in the query &data[subject_name]&data[user_uid], ex:
webhook_type=create&network_name=test&data[id]=389&data[action_name]=action&data[target_name]=target&data[subject_name]&data[user_uid]=b6643dc6-946b-490a-86b8-eb5c67f82bca&data[type]=Comment
data[subject_name] may be null or empty but with this query data[user_uid] is not parsed (default guid) ! Because ASP.NET framework can't correctly parse the query
I propose to the third-party API developers two solutions :
- force add "equal" sign when the field is null or empty
webhook_type=create&network_name=test&data[id]=389&data[action_name]=action&data[target_name]=target&data[subject_name]=&data[user_uid]=b6643dc6-946b-490a-86b8-eb5c67f82bca&data[type]=Comment
- remove null or empty fields from the query
webhook_type=create&network_name=test&data[id]=389&data[action_name]=action&data[target_name]=target&data[user_uid]=b6643dc6-946b-490a-86b8-eb5c67f82bca&data[type]=Comment
The answer was: "no, it's a standard we do not change anything"
Here the model
public class WebHookDto<T> where T : ThirdPartyNotificationDto
{
[Required]
[EnumDataType(typeof(WebHookType))]
[FromForm(Name = "webhook_type")]
public WebHookType WebHookType { get; set; }
[Required]
[MinLength(1)]
[FromForm(Name = "network_name")]
public string NetworkName { get; set; }
[Required]
[FromForm(Name = "data")]
public T Data { get; set; }
}
public class ThirdPartyNotificationDto
{
[Required]
[FromForm(Name = "id")]
public long Id { get; set; }
}
public class UserNotificationDto : ThirdPartyNotificationDto
{
[Required]
[FromForm(Name = "user_uid")]
public Guid UserId { get; set; }
[FromForm(Name = "action_name")]
public string ActionName { get; set; }
[FromForm(Name = "target_name")]
public string TargetName { get; set; }
[FromForm(Name = "subject_name")]
public string SubjectName { get; set; }
[Required]
[EnumDataType(typeof(NotificationTargetType))]
[FromForm(Name = "type")]
public NotificationTargetType TargetType { get; set; }
}
Here the controller/action
[HttpPost("user")]
public AcceptedResult UserNotificationListener([FromForm]WebHookDto<UserNotificationDto> request)
{
// some code that validate the query or throw exception
}
Here the full query
POST /api/v1/notification/user HTTP/1.1
Host: localhost:44300
Content-Type: application/x-www-form-urlencoded
webhook_type=create&network_name=test&data[id]=389&data[action_name]=action&data[target_name]=target&data[subject_name]&data[user_uid]=b6643dc6-946b-490a-86b8-eb5c67f82bca&data[type]=Comment
My questions are:
The optional "equal" sign is it a standard like third-party developers said ?
What is the best way to fix this issue, if third-party developers stuck on their position ?
Thanks in advance
Kind regards
Sorry for my poor english :(
Rémi