REST API 输入在控制器中默认验证
¥REST API input is validated by default in controllers
清理意味着对象被“清理”并返回。
¥Sanitization means that the object is “cleaned” and returned.
验证意味着断言数据已经干净,如果发现不应该存在的内容,则会引发错误。
¥Validation means an assertion is made that the data is already clean and throws an error if something is found that shouldn't be there.
Strapi 方法既适用于 控制器中的清理和验证,又可以定位输入主体数据、查询参数和输出(仅用于清理)。
¥Strapi methods exist both for sanitization and validation in controllers and they can target input body data, query parameters, and output (only for sanitization).
在 Strapi 5 中,REST API 输入在控制器中默认进行验证,而不是接受无效数据并静默清理。
¥In Strapi 5, REST API input is validated by default in controllers, instead of accepting invalid data and sanitizing it silently.
此页面是 重大变更数据库 的一部分,提供有关重大更改的信息以及从 Strapi v4 迁移到 Strapi 5 的其他说明。
¥This page is part of the breaking changes database and provides information about the breaking change and additional instructions to migrate from Strapi v4 to Strapi 5.
🔌 此重大更改是否会影响插件? | 是 |
---|
🤖 此重大更改是否由 codemod 自动处理? | 否 |
---|
重大更改描述
¥Breaking change description
在 Strapi v4 中
¥In Strapi v4
在 v4 中,查询参数经过验证,但输入数据(创建和更新正文数据)仅经过清理。
¥In v4, query parameters are validated, but input data (create and update body data) is only sanitized.
在 Strapi 5 中
¥In Strapi 5
在 v5 中,查询参数和输入数据都经过验证。
¥In v5, both query parameters and input data are validated.
迁移
¥Migration
本节重新组合了有关引入的重大更改的有用说明和程序。
¥This section regroups useful notes and procedures about the introduced breaking change.
注意
¥Notes
-
如果请求具有无效值,则会抛出
400 Bad Request
错误,例如在以下情况下:¥A
400 Bad Request
error will be thrown if the request has invalid values such as in in the following cases:-
用户无权创建的关系
¥relations the user do not have permission to create
-
模式中不存在的无法识别的值
¥unrecognized values that are not present on a schema
-
尝试写入不可写字段和内部时间戳,如
createdAt
和createdBy
字段¥attempt to writing non-writable fields and internal timestamps like
createdAt
andcreatedBy
fields -
使用
id
字段(除了连接关系)来设置或更新对象的id
¥usage of the
id
field (other than for connecting relations) to set or update theid
of an object
-
手动程序
¥Manual procedure
用户应确保参数和输入数据有效,以避免抛出 400
错误。其他信息可在 控制器中的清理和验证 文档中找到。
¥Users should ensure that parameters and input data are valid to avoid 400
errors being thrown. Additional information can be found in the sanitization and validation in controllers documentation.