Updated the docs related to AJV plugins #3189
lgtm
docs/Validation-and-Serialization.md
Outdated
Below is an example showing how to add **custom error messages for each property** of a schema by supplying custom AJV options. | ||
Inline comments in the schema below describe how to configure it to show a different error message for each case: | ||
|
||
```js | ||
const fastify = Fastify({ | ||
ajv: { | ||
customOptions: { jsonPointers: true }, | ||
customOptions: { | ||
jsonPointers: true, | ||
allErrors: true | ||
}, |
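Review bot: `allErrors: true` is added to `customOptions` with nothing beside it saying what it costs. With this option Ajv keeps validating after the first failure and collects every error, so the work done on an invalid payload grows with the size of that payload. The per-property messages in this example depend on it, so state that trade-off next to the option and point readers to bounding the input in the schema itself (for example `maxItems` and `maxLength`) before they copy this into a publicly reachable route.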
Oof. We need to update this example with a warning that implementing it opens the service up to a denial of service attack.
Should I just add the warning as a comment in front of the option:
```js
customOptions: {
  jsonPointers: true,
  allErrors: true // Warning: Enabling this option may open the service up to a denial of service attack
},
```
I would add a note box with the link to the CVE
https://www.cvedetails.com/cve/CVE-2020-8192/
What's the status of this? Should we land some of this or should we close for now?
The suggestion should be addressed because the proposed link points to ajv8 and it confuses users.
Co-authored-by: Matteo Collina <matteo.collina@gmail.com>
Co-authored-by: Manuel Spigolon <behemoth89@gmail.com>
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
ajv-errors
plugin