- Issue created by @yobottehg
A third party integrates our Drupal JSON:API. They are sometimes calling the API with invalid filters. Which is not a big problem but the invalid filters are not "just ignored" or tell the user "You did something wrong" but it is throwing a totally unhelpful 500 server error. This then alerts our error reporting system which should not be alerted in this case.
In my opinion it should not be possible to trigger 500 errors with normal get collection calls.
/jsonapi/node/entity?page[offset]
Exception callstack:
TypeError: Unsupported operand types: string + int in Drupal\jsonapi\Controller\EntityResource::getPagerQueries() (line 1345 of /app/web/core/modules/jsonapi/src/Controller/EntityResource.php) #0 /app/web/core/modules/jsonapi/src/Controller/EntityResource.php(1302): Drupal\jsonapi\Controller\EntityResource::getPagerQueries('next', '', 50, Array)
#1 /app/web/core/modules/jsonapi/src/Controller/EntityResource.php(1061): Drupal\jsonapi\Controller\EntityResource::getPagerLinks(Object(Symfony\Component\HttpFoundation\Request), Object(Drupal\jsonapi\Query\OffsetPage), Array)
#2 /app/web/core/modules/jsonapi/src/Controller/EntityResource.php(469): Drupal\jsonapi\Controller\EntityResource->respondWithCollection(Object(Drupal\jsonapi\JsonApiResource\ResourceObjectData), Object(Drupal\jsonapi\JsonApiResource\NullIncludedData), Object(Symfony\Component\HttpFoundation\Request), Object(Drupal\jsonapi_extras\ResourceType\ConfigurableResourceType), Object(Drupal\jsonapi\Query\OffsetPage))
#3 [internal function]: Drupal\jsonapi\Controller\EntityResource->getCollection(Object(Drupal\jsonapi_extras\ResourceType\ConfigurableResourceType), Object(Symfony\Component\HttpFoundation\Request))
#4 /app/web/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php(123): call_user_func_array(Array, Array)
#5 /app/web/core/lib/Drupal/Core/Render/Renderer.php(580): Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}()
Or alternatively we could agree to ignore invalid parameters. This could however confuse the user more then a good error message.
Active
3.0
Code