
REST API input is validated by default in controllers

Sanitization means that the object is “cleaned” and returned.

Validation means an assertion is made that the data is already clean, and an error is thrown if something is found that shouldn't be there.

Strapi methods exist both for sanitization and validation in controllers, and they can target input body data, query parameters, and output (output can only be sanitized).

In Strapi 5, REST API input is validated by default in controllers, instead of accepting invalid data and sanitizing it silently.

This page is part of the breaking changes database and provides information about the breaking change and additional instructions to migrate from Strapi v4 to Strapi 5.

Is this breaking change affecting plugins? Yes
Is this breaking change automatically handled by a codemod? No

Breaking change description

In Strapi v4

In v4, query parameters are validated, but input data (create and update body data) is only sanitized.

In Strapi 5

In v5, both query parameters and input data are validated.

Migration

This section groups useful notes and procedures about the introduced breaking change.

Notes

  • A 400 Bad Request error will be thrown if the request has invalid values, such as in the following cases:

    • relations the user does not have permission to create

    • unrecognized values that are not present on the schema

    • attempts to write non-writable fields and internal timestamps, such as the createdAt and createdBy fields

    • usage of the id field (other than for connecting relations) to set or update the id of an object
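The following is an added illustration of the difference between the v4 behaviour (silently sanitize) and the v5 behaviour (validate and reject with a 400) for the cases listed above. It is a constructed model, not Strapi's own implementation: the `articleSchema`, the `NON_WRITABLE` set and the `relationTargetsAllowed` permission stand-in are assumptions made for the example.

```javascript
// Fields the server manages itself; a REST client may not write them (assumption
// modelled on the note above: id and the internal timestamp/author fields).
const NON_WRITABLE = new Set(['id', 'createdAt', 'updatedAt', 'createdBy', 'updatedBy']);

// Constructed content-type schema: one writable scalar and one relation.
const articleSchema = {
  attributes: {
    title: { type: 'string' },
    author: { type: 'relation', target: 'api::author.author' },
  },
};

// Collect every offending key in the body `data`. `relationTargetsAllowed` stands
// in for the requesting user's permission to create/connect each relation target.
function findInputProblems(schema, data, relationTargetsAllowed) {
  const problems = [];
  for (const key of Object.keys(data)) {
    const attr = schema.attributes[key];
    if (NON_WRITABLE.has(key)) {
      problems.push({ key, reason: 'non-writable field' });
    } else if (!attr) {
      problems.push({ key, reason: 'unrecognized field' });
    } else if (attr.type === 'relation' && !relationTargetsAllowed.has(attr.target)) {
      problems.push({ key, reason: `no permission on relation target ${attr.target}` });
    }
  }
  return problems;
}

// v4 behaviour: drop the offending keys and return the cleaned object.
function sanitizeInput(schema, data, relationTargetsAllowed) {
  const bad = new Set(findInputProblems(schema, data, relationTargetsAllowed).map((p) => p.key));
  return Object.fromEntries(Object.entries(data).filter(([key]) => !bad.has(key)));
}

// v5 behaviour: assert the data is already clean, otherwise fail with a 400.
function validateInput(schema, data, relationTargetsAllowed) {
  const problems = findInputProblems(schema, data, relationTargetsAllowed);
  if (problems.length > 0) {
    const err = new Error(`Bad Request: ${problems.map((p) => `${p.key} (${p.reason})`).join('; ')}`);
    err.status = 400;
    err.details = problems;
    throw err;
  }
  return data;
}

// Constructed request body mixing valid fields with every rejected case above.
const sampleBody = { title: 'Hello', id: 7, createdAt: '2020-01-01', slug: 'x', author: { connect: [{ id: 3 }] } };
```

Running `sanitizeInput(articleSchema, sampleBody, new Set(['api::author.author']))` keeps only `title` and `author`, while `validateInput` with the same arguments throws a status-400 error naming `id`, `createdAt` and `slug`.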

Manual procedure

Users should ensure that parameters and input data are valid to avoid 400 errors being thrown. Additional information can be found in the sanitization and validation in controllers documentation.