Github user davisp commented on a diff in the pull request:
https://github.com/apache/couchdb-couch/pull/162#discussion_r59885221
--- Diff: src/couch_changes.erl ---
@@ -336,6 +343,16 @@ get_doc_ids(_) ->
throw({bad_request, no_doc_ids_provided}).
+get_selector({json_req, {Props}}) ->
+ check_selector(couch_util:get_value(<<"selector">>, Props));
+get_selector(#httpd{method='POST'}=Req) ->
+ couch_httpd:validate_ctype(Req, "application/json"),
+ {Props} = couch_httpd:json_body_obj(Req),
+ check_selector(couch_util:get_value(<<"selector">>, Props));
+get_selector(_) ->
+ throw({bad_request, invalid_selector}).
--- End diff --
I agree with @kxepal here, if a user does a GET with a filter=_selector,
then it'll be super opaque as to what wen't wrong. Though rather than a 400 you
might throw a whatever it is for invalid method. Though i'd want to hear from
@rnewson or someone if restricting methods based on query string paramters is
kosher. If not kosher, than at least the 400 with the "you must specify the
selector in a POST body" message would be fine so that users have a bread crumb
when they get the error.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
