Hapi: Validate only one header

Created on 13 Feb 2015 · 13Comments · Source: hapijs/hapi

User Story

As a developer, I would like to check the value of a _specific_ header, without having to handle them all.
So that Hapi doesn't raise errors because of unhandled or ignored headers.

Example

When I create a route, with the following attribute :

config: {
    validate: {
        headers: {
            'accept-version': Joi.number().valid(1.0)
        }
    }
},

Hapi/Joi sends back the following response :

{
  "statusCode" : 400,
  "message" : "host is not allowed. content-type is not allowed. connection is not allowed. accept is not allowed. user-agent is not allowed. accept-language is not allowed. accept-encoding is not allowed",
  "error" : "Bad Request",
  "validation" : {
    "source" : "headers",
    "keys" : [
      "host",
      "content-type",
      "connection",
      "accept",
      "user-agent",
      "accept-language",
      "accept-encoding"
    ]
  }
}

I would not to have to handle any possible HTTP header.

Request

Is there already such a thing in Hapi ?
If not, wouldn't it be a good thing ?

support

Source

perfaram

👍1

Most helpful comment

You probably want

config: {
    validate: {
        headers: Joi.object({
            'accept-version': Joi.number().valid(1.0).required()
        }).options({ allowUnknown: true })
    }
},

Marsup on 13 Feb 2015

👍30 🎉8 😄1

All 13 comments

You probably want

config: {
    validate: {
        headers: Joi.object({
            'accept-version': Joi.number().valid(1.0).required()
        }).options({ allowUnknown: true })
    }
},

Marsup on 13 Feb 2015

👍30 🎉8 😄1

Yup, exactly. Thanks !
Couldn't we also write this in the docs ?

perfaram on 13 Feb 2015

👍1

It's all in the docs, hapi accepts Joi objects as validation, Joi objects can do that, so hapi can.
Anyway try to find a place where you'd want it to go in the docs and send a pull request for that.

Marsup on 13 Feb 2015

👍1

Didn't see this in Joi docs, but I must have missed it.
Anyway, thanks !

perfaram on 13 Feb 2015

There's no example with this specific property but it's mentioned in the validate part. If you have a good idea to expose it in the docs we'll obviously take it.

Marsup on 13 Feb 2015

No, no idea, sorry

perfaram on 13 Feb 2015

thanks @Marsup for the tip :+1:

adityasaxena on 22 Sep 2015

How do you extend the headers set by the security: true option, I don't want to mess the rest of the validation up but I want to add x-csrf-token to the list of validations.

davemackintosh on 5 Nov 2015

+1 for the tip, though it's counter intuitive.

For query/params/payload, we can address specific keys:

validate: {
  payload: {
    username: Joi.string().required()
  },
  params: {
    id: Joi.number().required()
  },
  query: {
    search: Joi.string().optional()
  }
}

But for headers, we can't do this:

validate: {
  headers: {
    example: Joi.string().required()
  }
}

But in fact have to do this:

validate: {
  headers: Joi.object({
    'example': Joi.string().required()
  }).options({ allowUnknown: true })
}

adamkdean on 21 Jan 2017

👍13 🎉3

@adamkdean It's not working

ericching-heracles on 1 Jul 2019

Sorry @ericching-heracles this was quite a while ago, I don't recall the specifics anymore

adamkdean on 1 Jul 2019

@adamkdean It's ok, I was miss using it.

ericching-heracles on 1 Jul 2019

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.