From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Thu, 25 Jan 2024 12:54:22 +0000 (+0100)
Subject: auth API: reject priority element in record, closes #12657
X-Git-Tag: dnsdist-1.9.0~14^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36852ff83e4f4eca89488b677ddd6b92efad047c;p=thirdparty%2Fpdns.git

auth API: reject priority element in record, closes #12657
---

diff --git a/docs/upgrading.rst b/docs/upgrading.rst
index fb35e7a49e..1fce623997 100644
--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@@ -49,6 +49,13 @@ Various custom queries have been renamed.
 
 Also, ``get-all-domains-query`` got an extra column for a zone's catalog assignment.
 
+API changes
+~~~~~~~~~~~
+
+A long time ago (in version 3.4.2), the ``priority`` field was removed from record content in the HTTP API.
+Starting with 4.9, API calls containing a ``priority`` field are actively rejected.
+This makes it easier for users to detect they are attempting to use a very old API client.
+
 any version to 4.8.x
 --------------------
 
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 7cfaea4619..9c82d7dafa 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -591,6 +591,9 @@ static void gatherRecords(const Json& container, const DNSName& qname, const QTy
   const auto& items = container["records"].array_items();
   for (const auto& record : items) {
     string content = stringFromJson(record, "content");
+    if (record.object_items().count("priority") > 0) {
+      throw std::runtime_error("`priority` element is not allowed in record");
+    }
     resourceRecord.disabled = false;
     if (!record["disabled"].is_null()) {
       resourceRecord.disabled = boolFromJson(record, "disabled");