You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, hidden fields are simply stripped from resources when the resources are rendered into an API response. This is potentially confusing, and we could instead insert the Data Absent Reason extension with code masked to clearly indicate that the field is not being shown due to the user's access policy. To prevent information leakage, the extension should generally always be set as the value of that field when rendering the response, regardless of whether that field originally had a value. For nested fields, any intermediate nested objects should not be created to place the extension into if not already present — in this case it's acceptable to leave the entire absent parent field blank in the rendered resource JSON.
The text was updated successfully, but these errors were encountered:
Currently, hidden fields are simply stripped from resources when the resources are rendered into an API response. This is potentially confusing, and we could instead insert the Data Absent Reason extension with code
masked
to clearly indicate that the field is not being shown due to the user's access policy. To prevent information leakage, the extension should generally always be set as the value of that field when rendering the response, regardless of whether that field originally had a value. For nested fields, any intermediate nested objects should not be created to place the extension into if not already present — in this case it's acceptable to leave the entire absent parent field blank in the rendered resource JSON.The text was updated successfully, but these errors were encountered: