auth API: reject priority element in record, closes #12657

diff --git a/docs/upgrading.rst b/docs/upgrading.rst
index fb35e7a49ed0bca8fb317f3e25b837edcc0d0b9e..1fce623997f77a238a77bad82ce2c253e65de02f 100644 (file)
--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@@ -49,6 +49,13 @@ Various custom queries have been renamed.
 
 Also, ``get-all-domains-query`` got an extra column for a zone's catalog assignment.
 
+API changes
+~~~~~~~~~~~
+
+A long time ago (in version 3.4.2), the ``priority`` field was removed from record content in the HTTP API.
+Starting with 4.9, API calls containing a ``priority`` field are actively rejected.
+This makes it easier for users to detect they are attempting to use a very old API client.
+
 any version to 4.8.x
 --------------------
 

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 7cfaea4619ea92aa5ec6e6870b4083622eae2206..9c82d7dafa0f31b0fd4441e5269ec26d6dc39e5e 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -591,6 +591,9 @@ static void gatherRecords(const Json& container, const DNSName& qname, const QTy
   const auto& items = container["records"].array_items();
   for (const auto& record : items) {
     string content = stringFromJson(record, "content");
+    if (record.object_items().count("priority") > 0) {
+      throw std::runtime_error("`priority` element is not allowed in record");
+    }
     resourceRecord.disabled = false;
     if (!record["disabled"].is_null()) {
       resourceRecord.disabled = boolFromJson(record, "disabled");