
Django REST Framework API ignores any unknown parameters. This has led to several issues. For example, when a model filter was missing, a client received all records rather than the single one they were expecting. How can I force DRF to return 400 Bad Request whenever an API call includes an unknown parameter?

(An unknown parameter is one which is not in [SerializerClass].Meta.fields if this is a list, or not in [SerializerClass].Meta.model fields if it is __all__.)

1 Answer

One easy and basic solution may be this:

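```python
# serializer.py
from rest_framework import serializers
from .models import Foo  # assumes Foo lives in this app's models.py


class FooSerializer(serializers.ModelSerializer):
    class Meta:
        model = Foo
        fields = '__all__'


# views.py
from rest_framework.decorators import api_view
from rest_framework.exceptions import ValidationError
from .serializer import FooSerializer


@api_view(['POST'])  # request.data is only available on DRF requests
def foo_view(request):
    serializer = FooSerializer(data=request.data)
    # Payload keys that are not serializer fields are "unknown".
    unknown = set(request.data.keys()) - set(serializer.fields.keys())
    if unknown:
        # DRF renders ValidationError as 400 Bad Request.
        raise ValidationError({name: 'Unknown field.' for name in unknown})
    # Continue with serializer.is_valid() and the rest of the view here.
```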

Note: Assuming request.data is a dict object


Disclaimer: I'm not sure about the cases where we use the source argument in the serializer.

2 Comments

That looks like an expensive operation for every single API endpoint, but yeah, it should work.
Yeah, it's expensive. I wouldn't recommend this solution since it's not covered in many cases.
