luciano/reitit
1
0
Fork 0
mirror of https://github.com/metosin/reitit.git synced 2026-02-20 09:29:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: luciano:a46d707f3ab712efa2f019fff9a7e26909d121c1
Branches Tags
luciano:master
luciano:doc-tests
luciano:feat/753-doc-parameter-coercion
luciano:feat/337-fix-external-redirect
luciano:agorgl-directory-index
luciano:frontend-coercion
luciano:application/edn
luciano:add-support-for-fragment-parameters
luciano:fix-reitit-schema-cljs
luciano:malli-lite
luciano:issue-422
luciano:feature/wip-update-query-fn
luciano:fix-exception-log-wrapper
luciano:feature/coerce-request-fail
luciano:gh-pages
luciano:feature/multipart-spec-ns
luciano:set-release
luciano:intermediate-paths-gh-175
luciano:fix/try-something
luciano:feature/frontend-trailing-slash-handling
luciano:DisallowEmptyPathParameters
luciano:frontend-docs-1
luciano:0.10.0
luciano:0.9.2
luciano:0.9.2-rc1
luciano:0.9.1
luciano:0.9.0
luciano:0.8.0
luciano:0.8.0-alpha1
luciano:0.7.2
luciano:0.7.0
luciano:0.7.0-alpha8
luciano:0.7.0-alpha7
luciano:0.7.0-alpha6
luciano:0.7.0-alpha5
luciano:0.7.0-alpha4
luciano:0.7.0-alpha3
luciano:0.7.0-alpha2
luciano:0.7.0-alpha1
luciano:0.6.0
luciano:0.5.18
luciano:0.5.17
luciano:0.5.16
luciano:0.15.6
luciano:0.5.4
luciano:0.5.15
luciano:0.5.14
luciano:0.5.13
luciano:0.5.12
luciano:0.5.11
luciano:0.5.10
luciano:0.5.9
luciano:0.5.8
luciano:0.5.7
luciano:0.5.6
luciano:0.5.5
luciano:0.5.3
luciano:0.5.2
luciano:0.5.1
luciano:0.5.0
luciano:0.4.2
luciano:0.4.0
luciano:0.3.10
luciano:0.3.9
luciano:0.3.8
luciano:0.3.7
luciano:0.3.6
luciano:0.3.5
luciano:0.3.4
luciano:0.3.3
luciano:0.3.2
luciano:0.3.1
luciano:0.3.0
luciano:0.2.13
luciano:0.2.12
luciano:0.2.11
luciano:0.2.10
luciano:0.2.10-alpha1
luciano:0.2.9
luciano:0.2.8
luciano:0.2.7
luciano:0.2.6
luciano:0.2.5
luciano:0.2.4
luciano:0.2.3
luciano:0.2.2
luciano:0.2.1
luciano:0.2.0
luciano:0.1.3
luciano:0.1.2
luciano:0.1.1
luciano:0.1.0
..
compare: luciano:6b95795a6fab0cd9c14d4d1b9cb20acf00e44405
Branches Tags
luciano:doc-tests
luciano:master
luciano:feat/753-doc-parameter-coercion
luciano:feat/337-fix-external-redirect
luciano:agorgl-directory-index
luciano:frontend-coercion
luciano:application/edn
luciano:add-support-for-fragment-parameters
luciano:fix-reitit-schema-cljs
luciano:malli-lite
luciano:issue-422
luciano:feature/wip-update-query-fn
luciano:fix-exception-log-wrapper
luciano:feature/coerce-request-fail
luciano:gh-pages
luciano:feature/multipart-spec-ns
luciano:set-release
luciano:intermediate-paths-gh-175
luciano:fix/try-something
luciano:feature/frontend-trailing-slash-handling
luciano:DisallowEmptyPathParameters
luciano:frontend-docs-1
luciano:0.10.0
luciano:0.9.2
luciano:0.9.2-rc1
luciano:0.9.1
luciano:0.9.0
luciano:0.8.0
luciano:0.8.0-alpha1
luciano:0.7.2
luciano:0.7.0
luciano:0.7.0-alpha8
luciano:0.7.0-alpha7
luciano:0.7.0-alpha6
luciano:0.7.0-alpha5
luciano:0.7.0-alpha4
luciano:0.7.0-alpha3
luciano:0.7.0-alpha2
luciano:0.7.0-alpha1
luciano:0.6.0
luciano:0.5.18
luciano:0.5.17
luciano:0.5.16
luciano:0.15.6
luciano:0.5.4
luciano:0.5.15
luciano:0.5.14
luciano:0.5.13
luciano:0.5.12
luciano:0.5.11
luciano:0.5.10
luciano:0.5.9
luciano:0.5.8
luciano:0.5.7
luciano:0.5.6
luciano:0.5.5
luciano:0.5.3
luciano:0.5.2
luciano:0.5.1
luciano:0.5.0
luciano:0.4.2
luciano:0.4.0
luciano:0.3.10
luciano:0.3.9
luciano:0.3.8
luciano:0.3.7
luciano:0.3.6
luciano:0.3.5
luciano:0.3.4
luciano:0.3.3
luciano:0.3.2
luciano:0.3.1
luciano:0.3.0
luciano:0.2.13
luciano:0.2.12
luciano:0.2.11
luciano:0.2.10
luciano:0.2.10-alpha1
luciano:0.2.9
luciano:0.2.8
luciano:0.2.7
luciano:0.2.6
luciano:0.2.5
luciano:0.2.4
luciano:0.2.3
luciano:0.2.2
luciano:0.2.1
luciano:0.2.0
luciano:0.1.3
luciano:0.1.2
luciano:0.1.1
luciano:0.1.0

1 commit
a46d707f3a ... 6b95795a6f

Author SHA1 Message Date
Ambrose Bonnaire-Sergeant
6b95795a6f
Merge 33d155dc84 into 248200aad3 2026-01-19 21:05:48 -08:00
3 changed files with 4 additions and 47 deletions
Show stats Expand all files Collapse all files

22
doc/ring/coercion.md
View file

@ -63,6 +63,8 @@ Handlers can access the coerced parameters via the `:parameters` key in the requ
{:status 200
:body {:total total}}))})
```
### Nested parameter definitions
Parameters are accumulated recursively along the route tree, just like
@ -92,26 +94,6 @@ handling for merging eg. malli `:map` schemas.
; [:task-id :int]]}
```
### Differences in behaviour for different parameters
All parameter coercions *except* `:body`:
1. Allow keys outside the schema (by opening up the schema using eg. `malli.util/open-schema`)
2. Keywordize the keys (ie. header & query parameter names) of the input before coercing
In contrast, the `:body` coercion:
1. Uses the specified schema
* depending on the coercion, it can be configured as open or closed, see specific coercion docs for details
2. Does not keywordize the keys of the input before coercion
* however, coercions like malli might do the keywordization when coercing json bodies, depending on configuration
This admittedly confusing behaviour is retained currently due to
backwards compatibility reasons. It can be configured by passing
option `:reitit.coercion/parameter-coercion` to `reitit.ring/router`
or `reitit.coercion/compile-request-coercers`. See also:
`reitit.coercion/default-parameter-coercion`.
## Coercion Middleware
Defining a coercion for a route data doesn't do anything, as it's just data. We have to attach some code to apply the actual coercion. We can use the middleware from `reitit.ring.coercion`:

3
modules/reitit-ring/src/reitit/ring.cljc
View file

@ -173,8 +173,7 @@
(letfn [(maybe-redirect [{:keys [query-string] :as request} path]
(if (and (seq path) (r/match-by-path (::r/router request) path))
{:status (if (= (:request-method request) :get) 301 308)
:headers {"Location" (let [path (str/replace-first path #"^/+" "/")] ; Locations starting with // redirect to another hostname. Avoid these due to security implications.
(if query-string (str path "?" query-string) path))}
:headers {"Location" (if query-string (str path "?" query-string) path)}
:body ""}))
(redirect-handler [request]
(let [uri (:uri request)]

26
test/cljc/reitit/ring_test.cljc
View file

@ -416,31 +416,7 @@
:get "/slash-less//" "/slash-less?kikka=kukka"
:post "/with-slash" "/with-slash/?kikka=kukka"
:post "/slash-less/" "/slash-less?kikka=kukka"
:post "/slash-less//" "/slash-less?kikka=kukka"))))
;; See issue #337
(testing "Avoid external redirects"
(let [app (ring/ring-handler
(ring/router [["*" {:get (constantly nil)}]])
(ring/redirect-trailing-slash-handler))
resp (fn [uri & [query-string]]
(let [r (app {:request-method :get :uri uri :query-string query-string})]
{:status (:status r)
:Location (get-in r [:headers "Location"])}))]
(testing "without query params"
(is (= {:status 301 :Location "/malicious.com/foo/"} (resp "//malicious.com/foo")))
(is (= {:status 301 :Location "/malicious.com/foo"} (resp "//malicious.com/foo/")))
(is (= {:status 301 :Location "/malicious.com/foo"} (resp "//malicious.com/foo//")))
(is (= {:status 301 :Location "/malicious.com/foo/"} (resp "///malicious.com/foo")))
(is (= {:status 301 :Location "/malicious.com/foo"} (resp "///malicious.com/foo/")))
(is (= {:status 301 :Location "/malicious.com/foo"} (resp "///malicious.com/foo//"))))
(testing "with query params"
(is (= {:status 301 :Location "/malicious.com/foo/?bar=quux"} (resp "//malicious.com/foo" "bar=quux")))
(is (= {:status 301 :Location "/malicious.com/foo?bar=quux"} (resp "//malicious.com/foo/" "bar=quux")))
(is (= {:status 301 :Location "/malicious.com/foo?bar=quux"} (resp "//malicious.com/foo//" "bar=quux")))
(is (= {:status 301 :Location "/malicious.com/foo/?bar=quux"} (resp "///malicious.com/foo" "bar=quux")))
(is (= {:status 301 :Location "/malicious.com/foo?bar=quux"} (resp "///malicious.com/foo/" "bar=quux")))
(is (= {:status 301 :Location "/malicious.com/foo?bar=quux"} (resp "///malicious.com/foo//" "bar=quux"))))))))
:post "/slash-less//" "/slash-less?kikka=kukka"))))))
(deftest async-ring-test
(let [promise #(let [value (atom ::nil)]