This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2017-05-08
Channels
- # aws (9)
- # beginners (69)
- # boot (14)
- # cider (26)
- # cljs-dev (56)
- # cljsrn (9)
- # clojars (4)
- # clojure (229)
- # clojure-brasil (1)
- # clojure-france (11)
- # clojure-greece (2)
- # clojure-italy (4)
- # clojure-mke (6)
- # clojure-serbia (6)
- # clojure-spec (83)
- # clojure-uk (38)
- # clojurescript (171)
- # core-async (3)
- # cursive (11)
- # data-science (11)
- # datomic (27)
- # emacs (113)
- # funcool (6)
- # hoplon (4)
- # jobs (1)
- # luminus (13)
- # lumo (44)
- # off-topic (148)
- # onyx (5)
- # overtone (1)
- # pedestal (4)
- # powderkeg (1)
- # proton (2)
- # re-frame (150)
- # reagent (16)
- # ring-swagger (43)
- # spacemacs (4)
- # specter (36)
- # vim (4)
- # yada (10)
hi i’m having a weird problem I have a pretty simple route
(POST "/actions" []
:return String
:body-params [action :- String]
:summary "Add a new action"
(let [retval (act/add-action action)]
(if (f/failed? retval)
(bad-request (f/message retval))
(ok "abc"))))
I’m using the failjure library and basically (add-action) potentially returns a “Failure” which will trigger (f/failed). The issue I’m having is that when the if is true, i’m getting the 400 error code as expected, but the return of (f/message), a string, is getting sent with an application/octet-stream mime-type
If you are going to return a String, you'll have to provide the content-type yourself.
Does the success get correctly content-type JSON? I guess it will as you have :return String
set
Compojure-api will set the content-type to JSON or transit etc. IF you have set return schema or it can detect that the response is serializable (is collection like map or vector)
string is not considered serializable, so you need to have return schema set if you want to use that
:return
only sets return schema for 200 response
to set schema for 400 response you need :responses {400 {:schema String}}
reason why strings are not serialized by default is that that would case problems when users try to return raw JSON responses etc.
yes it’s a little weird. The (ok “abc”) actually gets an application/json even though that’s not the case either lol. I actually tried this
(bad-request {:message (f/message retval)})
and that did what was expected
Also, I'd recommend returning maps ~always
Some older browsers don't even support strings as top level JSON objects (old IE or something)
And there are security problems in certain JSON parsers when top level object is something else than Object
It is in fact valid JSON, RFC 7159 allows it
previous RFC 4627 only allowed objects and arrays
I use vector/array as top level values myself, but I think there was a security problem with that in some browsers
i know there are different schools of thought about using a standard return wrapper
Something like anyone can add your JSON url as <script src="api.json"/>
to any web page and browser will load that user cookies etc and evaluate that, normally the page can't access the value as it is not set to any var, but if one redefines Array constructor to save the value somewhere it would be possible to get access to secret data
that is why google/facebook prepend for(;;);
or while(1);
to JSON; if someone tries to evaluate JSON using script tags, browser will hang
> No, it is no longer possible to capture values passed to the [] or {} constructors in Firefox 21, Chrome 27, or IE 10.
So it should be quite safe to return maps and vectors as JSON