multiple headers, query parameters

[karenetheridge]

Headers and query parameters can both be duplicated (with same or different values) in the request, but we totally gloss over that.

[karenetheridge]

relates to #8. we can peek at the schema/type property and see if the desire is for an array or a string. If it's an array, we can inflate the values to a list for evaluation. If it's a string, then error if there is more than one value present, and otherwise send along that single value as a string for evaluation.

(At the same time we can coerce to a number if they are asking for a number/integer, erroring if not possible. Ditto for arrays of numbers/integers.)

[karenetheridge]

This should all be written up somewhere for discussion, because deserialization is a common problem and the specification doesn't clearly explain how it should be done.

[karenetheridge]

Likewise, if a query parameter's top level "type" is "object", we can convert all the query parameters to an object type and therefore interdependencies between query parameters can be accomodated in the schema (e.g. paging parameters, where the presence of "limit" or "offset" means that "sort" is now required). Corrollary: only one query parameter is permitted if the object type is used, as that will gobble up all the query parameters (what if another query parameter was processed first and ate one? do we remove that from the object that is sent to the rest? or is this an error?)

[karenetheridge]

The suggestion at https://swagger.io/docs/specification/serialization/ is that if the schema "type" = "object", "style" = "form" and "explode" = true, the individual parameter name is not used in the serialized URI and that the object's keys and values occupy the entire query part of the URI. so confusing!

[karenetheridge]

Need to create an exclusion list of header names that should never be split by /\s*,\s*/ into separate values (or perhaps parsed using a separate delimiter).

• Cookie is split by /;\s*/
• Set-Cookie uses separate header values.
• comma-separated: Accept, Cache-Control, X-Forwarded-For, Access-Control-Allow-Headers
• multiple values not allowed: Content-Length
• Surrogate-Key is split by \s, not \s, (this is a custom Fastly response header)

[karenetheridge]

This may be useful once it's standardized, for parsing newly-defined headers: https://www.fastly.com/blog/improve-http-structured-headers

[karenetheridge]

ABNF for headers: https://datatracker.ietf.org/doc/html/rfc7230#section-7

[karenetheridge]

Remember, for parameter styles like deepObject, we can mix these with other parameter styles in the same query string, and we should disregard those that don't conform when parsing each of these values.

e.g. ?filter[name]=*&filter[colour]=red&ids_only=1 is represented by these parameters:

- name: filter
  in: query
  style: deepObject
  required: false
  schema:
    type: object
    properties:
      name:
        type: string
      colour:
        type: string
- name: ids_only
  in: query
  style: form
  required: false
  schema:
    enum: [0, 1, false, true]