Hello,
How to control number of form parameters from the request in edge.
We have 5 form parameters for our API. If end user sending more than 5 or less than 5 then we need to send an error message.
Thanks
Solved! Go to Solution.
The variable below holds the count.
request.formparams.count
You can set one raise fault with request.formparams.count != 5 as the condition.
Hmm
You could do that with a JS policy. The form string is available in the context variable request.formstring
. There are two approaches. Option 1: Just check "good or no good". That's pretty simple.
var receivedParams = context.getVariable('request.formstring').split('&').map(function(pair) { return pair.split('=', 2)[0]; }); var requiredParams = ['m', 'q', 'b', 'p', 'exp']; // throw fault if the received params do not equal the required params if (receivedParams.sort().join(',') !== requiredParams.sort().join(',')) { throw new Error('invalid parameters'); }
If you want to be more transparent about which parameters are missing or extra, then you need to do something a little different.
var receivedParams = context.getVariable('request.formstring').split('&').map(function(pair) { return pair.split('=', 2)[0]; }); var requiredParams = ['m', 'q', 'b', 'p', 'exp']; // throw fault if the received params do not equal the required params // This is a more intelligent check: it can tell whether there are missing or extra parameters. var missing = requiredParams.filter(function(p) { return p && receivedParams.indexOf(p) == -1;}); var extra = receivedParams.filter(function(p) { return p && requiredParams.indexOf(p) == -1;}); var message = ''; if (missing && missing.length > 0) { message += 'missing[' + missing.join(',') + '] '; } if (extra && extra.length>0) { message += 'extra[' + extra.join(',') + ']'; } if (message != '') { throw new Error('invalid parameters. ' + message); }
Throwing an error from within a JS callout will cause a fault in the proxy. Eventually that propagates back to the caller, but you could "catch" it and rewrite the fault using a FaultRule.
The variable below holds the count.
request.formparams.count
You can set one raise fault with request.formparams.count != 5 as the condition.
Hmm
You could do that with a JS policy. The form string is available in the context variable request.formstring
. There are two approaches. Option 1: Just check "good or no good". That's pretty simple.
var receivedParams = context.getVariable('request.formstring').split('&').map(function(pair) { return pair.split('=', 2)[0]; }); var requiredParams = ['m', 'q', 'b', 'p', 'exp']; // throw fault if the received params do not equal the required params if (receivedParams.sort().join(',') !== requiredParams.sort().join(',')) { throw new Error('invalid parameters'); }
If you want to be more transparent about which parameters are missing or extra, then you need to do something a little different.
var receivedParams = context.getVariable('request.formstring').split('&').map(function(pair) { return pair.split('=', 2)[0]; }); var requiredParams = ['m', 'q', 'b', 'p', 'exp']; // throw fault if the received params do not equal the required params // This is a more intelligent check: it can tell whether there are missing or extra parameters. var missing = requiredParams.filter(function(p) { return p && receivedParams.indexOf(p) == -1;}); var extra = receivedParams.filter(function(p) { return p && requiredParams.indexOf(p) == -1;}); var message = ''; if (missing && missing.length > 0) { message += 'missing[' + missing.join(',') + '] '; } if (extra && extra.length>0) { message += 'extra[' + extra.join(',') + ']'; } if (message != '') { throw new Error('invalid parameters. ' + message); }
Throwing an error from within a JS callout will cause a fault in the proxy. Eventually that propagates back to the caller, but you could "catch" it and rewrite the fault using a FaultRule.
Hi @Dino-at-Google , We can use JsonThreadProtection Policy as well right ? By blocking the request body with n number of fields or allowing n number of fields.
No. JsonThreatProtection works on inbound JSON payloads. Not Form payloads.
Thanks Dino
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |