Remove content detection mechanism from REST endpoints #19388
Comments
|
I was under the impression that we already obey to the |
Sadly we do not always. 😢
I think that should be removed as part of closing this issue. 😄 |
It seems like we do apart from where we accept settings in the body? Or are there other REST endpoints where we try and detect content type?
Sure, why not. Maybe it should be brought up before it gets removed though :) |
Not documented. Please rip it out! |
Perfect that makes it a no-brainer, with properties out of the way it makes no sense to do any auto-detection I think. We should do for settings what we already do for any other request I believe. |
|
We can completely remove support for properties. I opened #19391. |
|
If you removed |
|
To quote from https://metacpan.org/pod/JSON::XS#JSON-and-YAML
|
|
ok, but what about checking |
|
@popravich That's the plan. |
|
I care to highlight that we already take into account the |
|
@javanna It's in the description of the issue that this is a problem only on certain endpoints. |
|
ok it appears that what I cared to highlight above was completely wrong. We don't read the The reason for this is that we have the java api, which exposes a lot of |
|
I think the discussion should be split in two. First for the future where we will rely on http for all out of cluster communication and then second for what to do until then. As Luca noted, we don't do anything with the incoming content type at the moment. For the future, I would suggest we move over to using content type headers exclusively and use JSON as default. That means we will need to extend our transport layer to carry that information. Maybe move from Until then we have two options - either keep things as is (but improve detection and make it uniform - i.e., not have one detection logic for settings and another for the rest) or change our transport client to require content type information. If we go for the latter, we have to do it on a major version. Since that is quite a big job for us and will case pain for users to upgrade to something that will be going away any way, my vote is to keep things the same for now and just solve the little issues we find. As soon as we can fully rely on http this will become simpler on it's own. |
|
One compromise could be to keep the current Looking at what we are moving towards to (http), having those new methods may actually end up helping users migrating as the content-type will always be required with the rest client when providing a request body. Not too sure about this but maybe worth considering. Another option we would have is to copy the content-type header from REST layer to transport layer so that the info is accessible when actually parsing the bytes and can be taken into account if available. This is suboptimal as the transport client would not have that info unless the header is explicitly set for each request, which is something that I am not sure users would do. Would work within elasticsearch though without changing methods signatures, probably too sneaky though. |
|
Discussed in FixitFriday. To fix the transport client we have to either:
All of these are big changes. In the meantime, should we just fix the REST layer and require a content header for anything that is not JSON? |
|
Fixing the REST layer anyhow requires the transport layer to accept the content-type and carry it around wherever bytes can be provided. We agreed on FixItFriday that we want to fix the REST layer to not do auto-detection and rely on |
With recent changes to our parsing code we have drastically reduced the places where we auto-detect the content type from the input. The usage of these methods spread in our codebase for no reason, given that in most of the cases we know the content type upfront and we don't need any auto-detection mechanism. Deprecating these methods is a way to try and make sure that these methods are carefully used, and hopefully not introduced in newly written code. We have yet to fix the REST layer to read the Content-Type header, which is the long term solution, but for now we just want to make sure that the usage of these methods doesn't spread any further. Relates to elastic#19388
) With recent changes to our parsing code we have drastically reduced the places where we auto-detect the content type from the input. The usage of these methods spread in our codebase for no reason, given that in most of the cases we know the content type upfront and we don't need any auto-detection mechanism. Deprecating these methods is a way to try and make sure that these methods are carefully used, and hopefully not introduced in newly written code. We have yet to fix the REST layer to read the Content-Type header, which is the long term solution, but for now we just want to make sure that the usage of these methods doesn't spread any further. Relates to #19388
This change enforces that all incoming rest requests have a valid and supported content type header before the request is dispatched. The content type header is parsed to the matching XContentType value with the only exception being for plain text requests. This value is then passed on with the content bytes so that we can reduce the number of places where we need to autodetect the content type. As part of this, many transport requests and builders were updated to provide methods that accepted the XContentType along with the bytes and the methods that would rely on autodetection have been deprecated. Closes elastic#19388
…ntent (#22691) This change adds a strict mode for xcontent parsing on the rest layer. The strict mode will be off by default for 5.x and in a separate commit will be enabled by default for 6.0. The strict mode, which can be enabled by setting `http.content_type.required: true` in 5.x, will require that all incoming rest requests have a valid and supported content type header before the request is dispatched. In the non-strict mode, the Content-Type header will be inspected and if it is not present or not valid, we will continue with auto detection of content like we have done previously. The content type header is parsed to the matching XContentType value with the only exception being for plain text requests. This value is then passed on with the content bytes so that we can reduce the number of places where we need to auto-detect the content type. As part of this, many transport requests and builders were updated to provide methods that accepted the XContentType along with the bytes and the methods that would rely on auto-detection have been deprecated. In the non-strict mode, deprecation warnings are issued whenever a request with body doesn't provide the Content-Type header. See #19388
…ntent (elastic#22691) This change adds a strict mode for xcontent parsing on the rest layer. The strict mode will be off by default for 5.x and in a separate commit will be enabled by default for 6.0. The strict mode, which can be enabled by setting `http.content_type.required: true` in 5.x, will require that all incoming rest requests have a valid and supported content type header before the request is dispatched. In the non-strict mode, the Content-Type header will be inspected and if it is not present or not valid, we will continue with auto detection of content like we have done previously. The content type header is parsed to the matching XContentType value with the only exception being for plain text requests. This value is then passed on with the content bytes so that we can reduce the number of places where we need to auto-detect the content type. As part of this, many transport requests and builders were updated to provide methods that accepted the XContentType along with the bytes and the methods that would rely on auto-detection have been deprecated. In the non-strict mode, deprecation warnings are issued whenever a request with body doesn't provide the Content-Type header. See elastic#19388
…ntent (#22691) This change adds a strict mode for xcontent parsing on the rest layer. The strict mode will be off by default for 5.x and in a separate commit will be enabled by default for 6.0. The strict mode, which can be enabled by setting `http.content_type.required: true` in 5.x, will require that all incoming rest requests have a valid and supported content type header before the request is dispatched. In the non-strict mode, the Content-Type header will be inspected and if it is not present or not valid, we will continue with auto detection of content like we have done previously. The content type header is parsed to the matching XContentType value with the only exception being for plain text requests. This value is then passed on with the content bytes so that we can reduce the number of places where we need to auto-detect the content type. As part of this, many transport requests and builders were updated to provide methods that accepted the XContentType along with the bytes and the methods that would rely on auto-detection have been deprecated. In the non-strict mode, deprecation warnings are issued whenever a request with body doesn't provide the Content-Type header. See #19388
…ted methods This commit enforces the requirement of Content-Type for the REST layer and removes the deprecated methods in transport requests and their usages. While doing this, it turns out that there are many places where *Entity classes are used from the apache http client libraries and many of these usages did not specify the content type. The methods that do not specify a content type explicitly have been added to forbidden apis to prevent more of these from entering our code base. Relates elastic#19388
…ted methods (#23146) This commit enforces the requirement of Content-Type for the REST layer and removes the deprecated methods in transport requests and their usages. While doing this, it turns out that there are many places where *Entity classes are used from the apache http client libraries and many of these usages did not specify the content type. The methods that do not specify a content type explicitly have been added to forbidden apis to prevent more of these from entering our code base. Relates #19388
|
@jaymode should we close this? We have removed auto-detection from the REST layer, is there anything left to do here? |
|
@javanna you are correct. There is nothing left to do here. |
Today, some Elasticsearch REST endpoints (e.g., update index settings API) attempt to determine the content type (e.g., JSON vs. YAML) of the request body with a rudimentary detection mechanism. This mechanism breaks down on YAML bodies that contain braces because the content is inappropriately detected as JSON. Instead, this mechanism should not be used, Elasticsearch should default to JSON for all request bodies, and possibly obey the
Content-Typeheader for allowing YAML.Relates #19366
The text was updated successfully, but these errors were encountered: