Commit b58ca10

allowReserved only permitted where percent-encoding is done
namely: in=path, in=query, in=cookie+style=form, but not in=header, in=querystring or in=cookie+style=cookie
and not in encoding objects where contentType is used (none of style, explode, allowReserved are present)
this brings in some work that didn't get merged in #4904
..and also fixes a bad $ref URI
1 parent 5a50cf6 commit b58ca10

9 files changed

Lines changed: 97 additions & 15 deletions

src/oas.md

Lines changed: 1 addition & 1 deletion
@@ -819,7 +819,7 @@ In these cases, implementations MUST pass values through unchanged rather than a
819819
| ---- | :----: | ---- |
820820
| <a name="parameter-style"></a>style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"` (for compatibility reasons; note that `style: "cookie"` SHOULD be used with `in: "cookie"`; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details). |
821821
| <a name="parameter-explode"></a>explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters, or when [`style`](#parameter-style) is `"deepObject"`, this field has no effect. When `style` is `"form"` or `"cookie"`, the default value is `true`. For all other styles, the default value is `false`. |
822-
| <a name="parameter-allow-reserved"></a>allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are not allowed by the rules of the `in` destination or media type, or are [not allowed in the path by this specification](#path-templating); see [URL Percent-Encoding](#url-percent-encoding) for details. The default value is `false`. This field only applies to `in` and `style` values that automatically percent-encode. |
822+
| <a name="parameter-allow-reserved"></a>allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are not allowed by the rules of the `in` destination or media type, or are [not allowed in the path by this specification](#path-templating); see [URL Percent-Encoding](#url-percent-encoding) for details. The default value is `false`. This field only applies to `in` and `style` values that automatically percent-encode (that is: `in: path`, `in: query`, and `in: cookie` with `style: form`). |
823823
| <a name="parameter-schema"></a>schema | [Schema Object](#schema-object) | The schema defining the type and other constraints used for the parameter. |
824824

825825
See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance.
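
Review bot: The parenthetical added at the end of the `allowReserved` row lists where the field "applies" but does not say it is disallowed anywhere else, and "only applies to" reads as "ignored otherwise". The schema hunks in this commit remove `allowReserved` from the property lists where it sat beside `explode` and re-add it only under the path, query and cookie-with-form branches, so the prose is now weaker than the schema. Suggest rewording the final sentence to state that the field is not permitted with other `in` and `style` combinations, naming `in: header`, `in: querystring` and `style: cookie` as the excluded cases the commit message lists.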

src/schemas/validation/schema.yaml

Lines changed: 19 additions & 12 deletions
@@ -421,9 +421,6 @@ $defs:
421421
type: string
422422
explode:
423423
type: boolean
424-
allowReserved:
425-
default: false
426-
type: boolean
427424
allOf:
428425
- $ref: '#/$defs/parameter/dependentSchemas/schema/$defs/styles-for-path'
429426
- $ref: '#/$defs/parameter/dependentSchemas/schema/$defs/styles-for-header'
@@ -449,6 +446,9 @@ $defs:
449446
- simple
450447
required:
451448
const: true
449+
allowReserved:
450+
type: boolean
451+
default: false
452452
required:
453453
- required
454454

@@ -477,6 +477,9 @@ $defs:
477477
- spaceDelimited
478478
- pipeDelimited
479479
- deepObject
480+
allowReserved:
481+
type: boolean
482+
default: false
480483

481484
styles-for-cookie:
482485
if:
@@ -490,6 +493,15 @@ $defs:
490493
enum:
491494
- form
492495
- cookie
496+
if:
497+
properties:
498+
style:
499+
const: form
500+
then:
501+
properties:
502+
allowReserved:
503+
type: boolean
504+
default: false
493505

494506
unevaluatedProperties: false
495507

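Review bot: The nested `if` added at new lines 496-499 tests `style` against `const: form` and, as far as these lines show, carries no `required: [style]`, so it also matches when `style` is absent. That is the behaviour the cookie fixture relies on ("default style is form, therefore allowReserved is allowed"), but it is easy to mistake for an omission and "fix" later. Suggest a one-line YAML comment above the `if` saying the missing `required` is deliberate so that the default style is covered.
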
@@ -598,6 +610,7 @@ $defs:
598610
type: boolean
599611
allowReserved:
600612
type: boolean
613+
default: false
601614
encoding:
602615
type: object
603616
additionalProperties:
@@ -614,9 +627,7 @@ $defs:
614627
prefixEncoding: false
615628
itemEncoding: false
616629
style:
617-
properties:
618-
allowReserved:
619-
default: false
630+
$ref: '#/$defs/styles-for-form'
620631
explode:
621632
properties:
622633
style:
@@ -627,9 +638,8 @@ $defs:
627638
properties:
628639
style:
629640
default: form
630-
allOf:
631-
- $ref: '#/$defs/specification-extensions'
632-
- $ref: '#/$defs/styles-for-form'
641+
$ref: '#/$defs/styles-for-form'
642+
$ref: '#/$defs/specification-extensions'
633643
unevaluatedProperties: false
634644

635645
responses:
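
Review bot: New lines 641 and 642 are two consecutive `$ref` keys, and this rendering has lost the indentation that would show whether they belong to different mappings. If they are siblings in one mapping, that is a duplicate key: YAML loaders either reject it or keep only the last value, which would silently drop the `styles-for-form` constraint. Worth confirming the nesting, and if the second `$ref` sits at the outer level, a blank line or short comment between the two would make that visible to the next reader.
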
@@ -810,9 +820,6 @@ $defs:
810820
explode:
811821
default: false
812822
type: boolean
813-
allowReserved:
814-
default: false
815-
type: boolean
816823
allOf:
817824
- $ref: '#/$defs/examples'
818825
- $ref: '#/$defs/specification-extensions'
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
openapi: 3.3.0
2+
info:
3+
title: allowReserved only permitted with in and style values that percent-encode
4+
version: 1.0.0
5+
components:
6+
headers:
7+
Style:
8+
schema:
9+
type: array
10+
style: simple
11+
explode: true
12+
allowReserved: true
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
openapi: 3.3.0
2+
info:
3+
title: allowReserved only permitted with in and style values that percent-encode
4+
version: 1.0.0
5+
components:
6+
parameters:
7+
my_cookie:
8+
name: my_cookie
9+
in: cookie
10+
style: cookie
11+
allowReserved: true
12+
schema: {}
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
openapi: 3.3.0
2+
info:
3+
title: allowReserved only permitted with in and style values that percent-encode
4+
version: 1.0.0
5+
components:
6+
parameters:
7+
header:
8+
name: my-header
9+
in: header
10+
allowReserved: false
11+
schema: {}

tests/schema/pass/header-object-examples.yaml

Lines changed: 1 addition & 2 deletions
@@ -17,10 +17,9 @@ components:
1717
type: string
1818
pattern: ^"
1919
Reference:
20-
$ref: '#/components/schemas/ETag'
20+
$ref: '#/components/headers/ETag'
2121
Style:
2222
schema:
2323
type: array
2424
style: simple
2525
explode: true
26-
allowReserved: true
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
openapi: 3.3.0
2+
info:
3+
title: allowReserved only permitted with in and style values that percent-encode
4+
version: 1.0.0
5+
components:
6+
parameters:
7+
style_form:
8+
name: my_form_cookie
9+
in: cookie
10+
# default style is form, therefore allowReserved is allowed
11+
allowReserved: true
12+
schema: {}
13+
style_cookie:
14+
name: my_cookie_cookie
15+
in: cookie
16+
style: cookie
17+
# no percent decoding for style=cookie, therefore allowReserved is not allowed
18+
schema: {}
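
Review bot: The comment at new line 17 says "no percent decoding for style=cookie", while the commit message and the `allowReserved` description both state the rule in terms of percent-encoding. Suggest "no percent-encoding for style=cookie" so the fixture uses the same term as the specification text. The `style_cookie` entry is also only meaningful because `allowReserved` is absent from it; the comment could say that directly.
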
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
openapi: 3.3.0
2+
info:
3+
title: api
4+
version: 1.0.0
5+
components:
6+
parameters:
7+
path:
8+
name: my-path
9+
in: path
10+
required: true
11+
allowReserved: false
12+
schema: {}
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
openapi: 3.3.0
2+
info:
3+
title: allowReserved only permitted with in and style values that percent-encode
4+
version: 1.0.0
5+
components:
6+
parameters:
7+
my_query:
8+
name: my_query
9+
in: query
10+
allowReserved: true
11+
schema: {}
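
Review bot: This fixture exercises `in: query`, but the commit message also names `in: querystring` and Encoding Objects that use `contentType` as places where `allowReserved` is not permitted, and none of the fixtures shown in this commit covers either. Suggest adding one fixture for each so those exclusions are tested alongside the header and `style: cookie` cases.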
