I have the route {controller}/{id}/{subcollection} which maps to the following method using Web API:
public virtual HttpResponseMessage PostSubcollectionItem([FromUri] TId id, [FromUri] string subcollection, [FromBody] InventoryItem item)
If a POST is done to a URL which matches the route and no Content-Type is specified in the HTTP request headers, the operation does not behave as expected.
The expected behaviour here would be that the ModelState isn't valid as the body couldn't be deserialized as no Content-Type was specified so no matching formatter could be found.
However this is not the case. Instead what happens is that the ModelState is marked as valid and only contains two values, one for subcollection and one for id and the method gets a null value for item resulting in failures down the code if it expects item not to null.
If the body can't be deserialized due to its Content-Type not being known, then the ModelState should be invalid so that the application can handle the invalid request rather than passing a null and making it look like the request was valid.
Comments: Agreed. Looks like a duplicate of: http://aspnetwebstack.codeplex.com/workitem/281
public virtual HttpResponseMessage PostSubcollectionItem([FromUri] TId id, [FromUri] string subcollection, [FromBody] InventoryItem item)
If a POST is done to a URL which matches the route and no Content-Type is specified in the HTTP request headers, the operation does not behave as expected.
The expected behaviour here would be that the ModelState isn't valid as the body couldn't be deserialized as no Content-Type was specified so no matching formatter could be found.
However this is not the case. Instead what happens is that the ModelState is marked as valid and only contains two values, one for subcollection and one for id and the method gets a null value for item resulting in failures down the code if it expects item not to null.
If the body can't be deserialized due to its Content-Type not being known, then the ModelState should be invalid so that the application can handle the invalid request rather than passing a null and making it look like the request was valid.
Comments: Agreed. Looks like a duplicate of: http://aspnetwebstack.codeplex.com/workitem/281