diff --git a/src/Microsoft.AspNetCore.OData/Query/EnableQueryAttribute.cs b/src/Microsoft.AspNetCore.OData/Query/EnableQueryAttribute.cs index 60bd9ad51..52b639f2d 100644 --- a/src/Microsoft.AspNetCore.OData/Query/EnableQueryAttribute.cs +++ b/src/Microsoft.AspNetCore.OData/Query/EnableQueryAttribute.cs @@ -62,18 +62,19 @@ public override void OnActionExecuting(ActionExecutingContext actionExecutingCon actionExecutingContext.HttpContext.Items.TryAdd(nameof(RequestQueryData), requestQueryData); - ODataQueryOptions queryOptions = CreateQueryOptionsOnExecuting(actionExecutingContext); - if (queryOptions == null) + try { - return; // skip validation - } + ODataQueryOptions queryOptions = CreateQueryOptionsOnExecuting(actionExecutingContext); - // Create and validate the query options. - requestQueryData.QueryValidationRunBeforeActionExecution = true; - requestQueryData.ProcessedQueryOptions = queryOptions; + if (queryOptions == null) + { + return; // skip validation + } - try - { + // Create and validate the query options. + requestQueryData.QueryValidationRunBeforeActionExecution = true; + requestQueryData.ProcessedQueryOptions = queryOptions; + HttpRequest request = actionExecutingContext.HttpContext.Request; ValidateQuery(request, requestQueryData.ProcessedQueryOptions); } diff --git a/test/Microsoft.AspNetCore.OData.E2E.Tests/UnboundOperation/UnboundOperationTest.cs b/test/Microsoft.AspNetCore.OData.E2E.Tests/UnboundOperation/UnboundOperationTest.cs index 3b6946cd5..1c9bae11a 100644 --- a/test/Microsoft.AspNetCore.OData.E2E.Tests/UnboundOperation/UnboundOperationTest.cs +++ b/test/Microsoft.AspNetCore.OData.E2E.Tests/UnboundOperation/UnboundOperationTest.cs @@ -441,6 +441,21 @@ public async Task ActionImportFollowedByQueryOption() Assert.DoesNotContain("Street 11", responseString); } -#endregion + [Fact] + public async Task AnEmptyFilterQueryOptionShouldReturnA400() + { + // Arrange + var uri = "odata/UpdateAddress?$filter="; + var content = new { Address = new { Street = "Street 11", City = "City 11", ZipCode = "201101" }, ID = 401 }; + HttpClient client = CreateClient(); + + // Act + var response = await client.PostAsJsonAsync(uri, content); + + // Assert + Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); + } + + #endregion } }