Conversation
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Thanks to #3465 This should simplify daily routines for beginners. ## Tradeoffs - Removed `Promise` from `ServerHook` type => `beforeRouting` and `afterRouting` become sync - No further async features to `createServer` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Updated code examples to show synchronous server initialization without `await` * **Refactor** * Server creation function is now fully synchronous; remove `await` when invoking it * Server lifecycle hooks execute synchronously during initialization <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Closed
# Supporting HTTP QUERY Method in express-zod-api ## Background: What Is HTTP QUERY? The HTTP QUERY method is defined in **RFC 10008** (published June 2026, Standards Track). In essence, QUERY is like GET but with a body. It is a **safe and idempotent** request method that can carry request content — a combination of properties that no existing standard HTTP method fully satisfies. QUERY requests that the target resource process the enclosed content (the query) and respond with the result, without changing resource state. The server uses the `Content-Type` to determine how to interpret the body, and clients can discover QUERY support via the `Accept-Query` response header. **Key properties:** | Property | QUERY | GET | POST | |---|---|---|---| | Safe | Yes | Yes | No | | Idempotent | Yes | Yes | No | | Can have body | Yes | No | Yes | | Cacheable | Yes | Yes | With care | | Request content in URI | Not required | Required | Not required | ## Why Use QUERY When GET and POST Already Exist? ### Problems with GET for queries GET encodes the entire query in the URI. This has several drawbacks: - **URI size limits** — many implementations (servers, proxies, CDNs) cap URIs at ~8 KB, making complex queries impossible. - **Encoding overhead** — binary data, complex filters, or structured query languages must be URI-encoded, inflating size and reducing readability. - **Exposure** — URIs are more likely to be logged by intermediaries and bookmarked by users, potentially leaking query details. ### Problems with POST for queries POST is neither safe nor idempotent. Using it for queries means: - **No safe retries** — intermediaries and clients cannot automatically retry a POST on network failure, because the request might have mutated state. - **No caching** — POST responses are not cacheable by default, so repeated identical queries cannot be served from a cache. - **Semantic mismatch** — POST implies creation or mutation; using it for read-only queries confuses tooling, monitoring, and human readers. ### How QUERY bridges the gap QUERY is semantically a read operation (safe, idempotent, cacheable) but with body support like POST. This makes it the natural choice for: - Complex search/filter APIs (GraphQL, Elasticsearch, SQL-over-HTTP) - APIs with large or structured query payloads - Any read operation where the query exceeds URI size limits - Safe operations that need content negotiation via `Content-Type` ## What Would It Take to Add QUERY Support? ### Current state - **Node.js** (22.19+, 24.x, 26.x) already has `QUERY` in `http.METHODS` — the parser accepts it. - **Express 5.1.x** at runtime handles QUERY correctly via its Layer-based routing — Express does not restrict which methods can be routed. - **Express types** (`@types/express-serve-static-core`) do not list `query` on `IRouter`. This is a deliberate policy: Express adds type entries only when the IETF method reaches sufficient maturity. (For reference, Express also does not type `"query"` despite it being the `?key=val` part of a URL — the name collision is coincidental.) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for the HTTP **QUERY** method (RFC 10008), including typed client/endpoints and default input handling (query, body, and path params). * Documentation improvements for OpenAPI **3.2.0** (including SSE schema handling) and enhanced security depiction (OAuth2 device authorization). * **Bug Fixes** * Improved routing initialization to validate **QUERY** registration and raise clearer errors when unsupported. * **Documentation** * Updated generated docs/snapshots and example payload structure (`value` → `dataValue`), and adjusted documentation constructor inputs to `info` + `server`. * **Tests** * Expanded coverage for **QUERY** routing, extraction, typing, and documentation output. * **Chores** * Updated server startup lifecycle to treat hooks as synchronous, and removed the deprecated `Integration.create()` factory. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
1 task
1. Related to #3479 2. Restores #1733 3. Partially reverts #1741 to support both JSON and more conventional URL-encoded body types for QUERY method 4. Splits CORS to maintain handling for the issue #2706 5. Changes the type of the `cors` config option (breaking) to support RequestHandler, such as a middleware provided by the well-known `cors` library 6. Featuring `beforeParsers` hook, while `beforeRouting` remains exactly before calling `initRouting()` --------- Co-authored-by: pullfrog[bot] <226033991+pullfrog[bot]@users.noreply.github.com>
# Conflicts: # .pnpmfile.mjs # pnpm-lock.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Angie Zapata was an 18-year-young transgender woman living in Greeley, Colorado. Those who knew her described her as a vibrant, kind-hearted teenager with a passion for beauty and fashion. She dreamed of attending cosmetology school and living her life authentically. Like many transgender youth, Angie faced severe systemic hurdles, including financial strain and intense loneliness. Despite these vulnerabilities, she remained determined to build a bright future for herself.
In July 2008, Angie met a man named Allen Andrade online. After spending several days together, he discovered that Angie was transgender. Rather than walking away, he chose brutal violence. He attacked Angie, beating her to death with a fire extinguisher inside her own apartment. He later showed a complete lack of remorse. He used derogatory slurs to describe her and proudly told investigators that he thought he had "killed it."
Angie's murder highlights the extreme vulnerability faced by transgender individuals, who are disproportionately targeted by severe violence.
Angie’s family refused to let her story be silenced. They fought for her dignity in a historic trial. In 2009, a Colorado jury convicted the killer of first-degree murder and a hate crime. This marked the very first time in United States history that a prosecutor secured a hate-crime conviction involving a transgender victim. While the verdict brought legal justice, it remains a solemn reminder of the urgent need to protect transgender individuals from senseless prejudice.
Integration::create()method. #3471createServer()sync again #3472QUERYmethod #3479Endpoint::getProbableRequestType()#3507