Fork me on GitHub
#reitit
<
2020-01-06
>
ikitommi19:01:13

what would be a better default for malli-based coercion with open/closed schemas: 1. fail if extra keys exist (both request & response) 2. just strip extra keys 3. mixture of both (fail on extra input on request, just strip extra stuff on response)

ikitommi19:01:59

currently would do 2+1: strip extra keys on both ways, and fail if that fails for some reason.

thenonameguy19:01:17

that sounds reasonable

ikitommi19:01:29

also, all schemas will be closed by default, unless explicitly marked as open.

ikitommi19:01:51

e.g. schemas can be defined open, but will be validated as closed on api-boundary.

thenonameguy20:01:53

That could be problematic with forward evolution

thenonameguy20:01:35

deos closed mean I get a bad request response?

thenonameguy20:01:37

ie. If I have service A which talks to service B. If I want to do a deploy which sends extra information to a service which will be later used I have to do an extra deploy for service B if extra input params cause a bad request

ikitommi20:01:56

if you want evolution over apis, you can either mark schemas explictely as open [:map {:closed false} [:x int?]] or configure coercion not to strip away extra keys.

ikitommi20:01:18

I think the question is: do you want security (closed) or evolution (open) by default.

thenonameguy20:01:40

tough call, clojure devs seem to favor openness over security (spec vs schema, open maps vs structs, etc.). Your call, as long as it’s a one-liner to change it won’t be a dealbreaker

thenonameguy20:01:33

I think the more mature you are as a dev the more you tends towards to openness vs. security of impl.

thenonameguy20:01:14

whatever you choose, writing a few lines in the README/docs explaining the trade-offs would be nice to folks to decide for themselves

abdullahibra22:01:51

Hi everyone, is it good practice to add get ajax call to objects in my app every time i navigate to that page ? for example if i app has concept of books per user, and all books data is fetched from the server via GET call, is it better to re-fetch all books from the server each time i visit books page, or only refresh when i add new books ? what are you guys doing in that situation ?