🔥 feat: Add HTTP QUERY method support (RFC 10008)#4436
Conversation
Register QUERY as a first-class HTTP method alongside the existing nine. QUERY is safe and idempotent, allowing request bodies for complex queries without the URL-length constraints of GET. - Add MethodQuery constant and methodQuery iota - Add Query() to Router, Register interfaces and all implementations (App, Group, Registering, domainRouter, domainRegistering) - Add Query() client shorthand on Request - Mark QUERY as safe in IsMethodSafe (idempotent follows from safe) - Include QUERY in CSRF safe-method branch (no token required) - Include QUERY in CORS default AllowMethods - Add QUERY color to logger middleware - Update constants documentation
…itch-branches lint
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughAdds the ChangesQUERY HTTP Method Integration
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.12.2)level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies" Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
I intentionally excluded cache middleware since its signature cannot handle body, maybe some kind of change needed for this? |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
middleware/cors/cors_test.go (1)
645-645: ⚡ Quick winAdd a preflight case where
Access-Control-Request-MethodisQUERY.These assertions now expect
QUERY, but the loopedmethodstable still omitsfiber.MethodQuery, so the request-type path for QUERY itself isn’t exercised. Add it to the table to close the test gap.Also applies to: 679-679
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@middleware/cors/cors_test.go` at line 645, The test assertions at lines 645 and 679 now expect QUERY to be included in the Access-Control-Allow-Methods header, but the methods table being looped in the preflight test case does not include fiber.MethodQuery. Add fiber.MethodQuery to the methods table in the test to ensure the preflight request path for QUERY method is actually exercised and tested, closing the gap between the assertion expectations and the actual test coverage.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@middleware/cors/cors_test.go`:
- Line 645: The test assertions at lines 645 and 679 now expect QUERY to be
included in the Access-Control-Allow-Methods header, but the methods table being
looped in the preflight test case does not include fiber.MethodQuery. Add
fiber.MethodQuery to the methods table in the test to ensure the preflight
request path for QUERY method is actually exercised and tested, closing the gap
between the assertion expectations and the actual test coverage.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: 364fe260-35d6-4f4f-849e-9255b8bde8c9
📒 Files selected for processing (16)
app.goapp_test.goclient/request.goconstants.godocs/api/constants.mddocs/client/request.mddocs/partials/routing/handler.mddomain.gogroup.gohelpers.gomiddleware/cors/config.gomiddleware/cors/cors_test.gomiddleware/csrf/csrf.gomiddleware/logger/utils.goregister.gorouter.go
Yes, we should add that, since the QUERY explicitly states that it can be cached. |
|
Small changes needed but need to decide how can we generate cache key in defaultKeyGenerator for QUERY request.
|
|
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4436 +/- ##
=======================================
Coverage 91.59% 91.60%
=======================================
Files 134 134
Lines 13518 13532 +14
=======================================
+ Hits 12382 12396 +14
Misses 722 722
Partials 414 414
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
@gaby What documentation and units should be added? |
@nekoworks-magic ^ Coverage report |
That would be a bad idea, a large body would take a while to hash and can be used to cause DoS. |
Description
Add first-class support for the HTTP QUERY method (RFC 10008). QUERY is safe and idempotent like GET, but allows request bodies for complex queries.
Changes introduced
MethodQueryconstant,methodQueryiota,DefaultMethodsentryQuery()onRouter,Registerinterfaces and all implementations (App, Group, Registering, domainRouter, domainRegistering)Request.Query()client shorthandIsMethodSafereturns true for QUERYAllowMethodsincludes QUERYType of change
Checklist
/docs/directory for Fiber's documentation.