Ensure schema defined for each response that is not head or its code is not 204 or 304
Ensure that the response of an operation is head or its code is 204 (No Content) or 304 (Not Modified), it does not have a content defined in OpenAPI. According to the OpenAPI specification and RFC 7331, these responses are not supposed to have a body, and specifying content for them may cause confusion or errors.
Risk Level: medium
Platform: OpenAPI
Spectral Rule ID: OPENAPI015
REMEDIATION
Remove the content field for the response that has a status code of 204 or 304, or has a head operation. For example:
paths:
/users/{id}:
head:
parameters:
- name: id
in: path
required: true
type: string
responses:
'200':
description: User exists.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
'404':
description: User not found.
get:
parameters:
- name: id
in: path
required: true
type: string
responses:
'200':
description: A user object.
+ content:
+ application/json:
+ schema:
.
.
.
'204':
description: No user found.
- content: # remove this field
'304':
description: User not modified since last request.
- content: # remove this field
Read more:
Updated 7 months ago