When making a request like `/jsonapi/node/article/4027f2c5-8f65-4b38-bff5-f97b6d259a01` or `/jsonapi/node/page/4027f2c5-8f65-4b38-bff5-f97b6d259a01` (see the same UUID which is an `article` node), both respond with the correct Article node. Instead, the Page node request should have failed with 404 so that when requests to specific resources by UUID are made, only the requested, expected, valid resource is returned.
In one real life case, an entity was successfully returned when a valid bundle of the same entity type was erroneously requested, and other application logic blindly operated on that returned entity causing an error. The error should have been further up the chain before the JsonAPI request was successfully received.
This is true for all entities and bundles.
Loading the entity should be done by requested entity + bundle or filtered by bundle before responding.
Closed: outdated
11.0 π₯
jsonapi.module
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
This came up as a daily BSI target.
Looking at the converter in question it's slated to be removed when β¨ Make it possible to link to an entity by UUID Active lands so believe this should be addressed when that lands.