Standard middlewares order execution


How do I know in what order the standard middlewares configured for a particular endpoint are checked?

There is something in the documentation, but it, for example, lacks json validation middleware.


Hello @ignashkins

This page should help!

All middlewares are not on this page.

For example: JSON validation, header modification

1 Like

TransformHeaders is for header modification
And yes, JSON validation is not there. I’ll open a ticket to improve it.


@Yaara maybe we should review this and include the graphql API execution sequence as well?

1 Like

Thank you!

I wonder if you might be able to help us. Actually why this question came up.

At the moment we are sending POST request which includes two middlware: Whitelist and Validate JSON, that’s all.

When we receive a request without specifying a Content-Lenth header, the request gives an error

    "error": "JSON parsing error: EOF"

If we pass the Content-Length, the query succeeds.

We tried printing the body inside the standard middleware validate json. The request body is empty when no Content-Length is passed.

We understand that this header is included in the standard and this behavior is logical, but we would like to understand why the request body is nullified (and not logged)

If you disable only Validate JSON and don’t pass the Content-Length, the request will execute successfully, but the body will be empty (fmt and in the Log Browser). After enabling the Content-Length header the body appears in the logs

Hi @ignashkins, could you help with your API definition, your gateway version and gateway config settings without sensitive information if possible? I would like to reproduce it, if I can.

Regarding the order of execution, we are currently working on updating the docs. I haven’t inquired internally but I assume based on the Log Browser that the Whitelist middleware is somewhere at the API Version check. While the JSON Validation is somewhere between Endpoint Analytics Track and Header Transform

While the doc is ongoing, you can see the order from here. As I mentioned earlier the whitelist middleware does take place within the API version check

Thank you, you have been very helpful.

The problem was related to this bug

If the request was sent without the Content-Length header, but with the header Transfer-Encoding: chunked, the body of the request was read after it was closed.

Error `http: invalid Read on closed Body’

Problem solved at the moment.

This code really helped us understand the middleware order