Bug: Error in Processing Requests with Additional Characters after /fhir/* in REST Endpoint #21
Assignees
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description:
When using the Google's Gateway repository, identified a bug related to REST endpoint with the /fhir/* path. If any characters are appended after /fhir/ in a REST endpoint, the WebServlet accepts and begins processing in the access checkers. However, when the actual handleRequest method executes, it fails with an error stating that the FHIR server does not know how to process the request
Steps to Reproduce:
Hit a GET REST endpoint with the path /fhir/*.
Append additional characters to the path (e.g., /fhir/practitioner-details-xyz).
Observe the behaviour that it passes through the access checker.
Expected Behavior:
The system should handle requests with additional characters after /fhir/* gracefully, or there should be a proper validation step at the beginning of execution to check the existence of the resource type.
Actual Behavior:
If you type anything after /fhir/* it returns a response.
{ "resourceType": "OperationOutcome", "issue": [ { "severity": "error", "code": "processing", "diagnostics": "User is not authorized to GET http://localhost:8080/fhir/practitioner-dewtails?keycloak-uuid=bccd8c41-1c39-400f-b8f4-2172709a7aaa" } ] }Proposed Solution:
I suggest adding a check at the beginning of the execution to validate whether the resource type exists whenever /fhir/* endpoint is triggered.
cc: @ndegwamartin @dubdabasoduba @f-odhiambo
The text was updated successfully, but these errors were encountered: