REST API input is validated by default in controllers
Sanitization means that the object is "cleaned" and returned.
Validation means an assertion is made that the data is already clean, and an error is thrown if something is found that shouldn't be there.
Strapi methods exist for both sanitization and validation in controllers, and they can target input body data, query parameters, and output (sanitization only).
In Strapi 5, REST API input is validated by default in controllers, instead of accepting invalid data and sanitizing it silently.
This page is part of the breaking changes database and provides information about the breaking change and additional instructions to migrate from Strapi v4 to Strapi 5.
Breaking change description
In Strapi v4
In v4, query parameters are validated, but input data (create and update body data) is only sanitized.
In Strapi 5
In v5, both query parameters and input data are validated.
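Migration
This section gathers useful notes and procedures about the introduced breaking change.
Notes
- A 400 Bad Request error is thrown if the request has invalid values, such as in the following cases:
  - relations the user does not have permission to create
  - unrecognized values that are not present in the schema
  - attempts to write to non-writable fields and internal timestamps, such as the createdAt and createdBy fields
  - use of the id field (other than for connecting relations) to set or update the id of an object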
Manual procedure
Users should ensure that parameters and input data are valid to avoid 400 errors being thrown. Additional information can be found in the sanitization and validation in controllers documentation.
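The difference between the v4 and v5 handling of a request body, for the four cases listed in the notes above, as an added example that is not Strapi's own code. The schema, the `canCreate` permission set, the local `ValidationError` class and the function bodies are assumptions made for illustration.

```javascript
// Simplified model of the v4 vs v5 behaviour; NOT Strapi's implementation.
// Schema, field names and the `canCreate` permission set are constructed.
const schema = {
  attributes: {
    title: { type: 'string' },
    author: { type: 'relation', target: 'api::author.author' },
    createdAt: { type: 'datetime', writable: false },
    createdBy: { type: 'relation', target: 'admin::user', writable: false },
  },
};

class ValidationError extends Error {
  constructor(message) {
    super(message);
    this.name = 'ValidationError';
    this.status = 400; // surfaced to the client as 400 Bad Request
  }
}

// Returns why a key is not acceptable in a create/update body, or null.
function rejectReason(key, auth) {
  if (key === 'id') return 'id cannot be set or updated through the body';
  const attr = schema.attributes[key];
  if (!attr) return 'not present in the schema';
  if (attr.writable === false) return 'field is not writable';
  if (attr.type === 'relation' && !auth.canCreate.has(attr.target)) {
    return 'no permission to create this relation';
  }
  return null;
}

// v4-style: drop offending keys silently and return the cleaned object.
function sanitizeInput(data, auth) {
  return Object.fromEntries(
    Object.entries(data).filter(([key]) => rejectReason(key, auth) === null)
  );
}

// v5-style: assert the body is already clean, otherwise throw.
function validateInput(data, auth) {
  for (const key of Object.keys(data)) {
    const reason = rejectReason(key, auth);
    if (reason) throw new ValidationError(`Invalid key ${key}: ${reason}`);
  }
  return data;
}

// Constructed request body that hits all four cases from the notes.
const auth = { canCreate: new Set() };
const body = { title: 'Hello', id: 7, isAdmin: true, createdAt: '2020-01-01', author: 3 };
```

With this body, the sanitizing path stores only `title` and the client never learns the other keys were dropped, while the validating path rejects the request at the first offending key, which is the change a v4 client has to be prepared for.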