use dashboard to create a route without filling in remote address
wait a few minutes, will find some error log like
2020/12/01 22:44:48 [error] 34404#36781528: *230358 [lua] config_etcd.lua:509: failed to fetch data from etcd: failed to check item data of [/apisix/routes] err:property "remote_addrs" validation failed: failed to validate item 1: object matches none of the requireds, etcd key: /apisix/routes, context: ngx.timer
2020/12/01 22:44:48 [error] 34408#36781532: *230380 [lua] config_etcd.lua:509: failed to fetch data from etcd: failed to check item data of [/apisix/routes] err:property "remote_addrs" validation failed: failed to validate item 1: object matches none of the requireds, etcd key: /apisix/routes, context: ngx.timer
2020/12/01 22:44:48 [error] 34409#36781533: *230352 [lua] config_etcd.lua:509: failed to fetch data from etcd: failed to check item data of [/apisix/routes] err:property "remote_addrs" validation failed: failed to validate item 1: object matches none of the requireds, etcd key: /apisix/routes, context: ngx.timer
@juzhiyuan
Server API should never trust input
sure锛宐ackend need to fix it too
sure锛宐ackend need to fix it too
APISIX has fixed this bug: https://github.com/apache/apisix/pull/2907/files
need to sync the JSON schema.
related issue https://github.com/apache/apisix-dashboard/issues/856#issuecomment-736578374
Just to make sure, will manager-api check the input from the client? (no matter using API or frontend), the manager-api must not trust any data from client.
cc @nic-chen @membphis @ShiningRush
oh I noticed this comment, API should never trust any data from client.
Server API should never trust input
I noticed that remote_addrs is not required in apisix. When the user does not enter remote_addrs, should the client pass [] or not pass the remote_addrs field? @nic-chen
@LiteSun
"not pass the remote_addrs field" should be better.
I noticed that remote_addrs is not required in apisix. When the user does not enter remote_addrs, should the client pass [] or not pass the remote_addrs field? @nic-chen
https://github.com/apache/apisix-dashboard/issues/856#issuecomment-736624035 I have replied this question before.
When the user not filled, should no field remote_addrs. this should be a bug of the frontend