OpenAPI validator tries to parse multipart/form-data request bodies as JSON (ValidateRequestBody)

[Michael-Z-Freeman]

The below is just one issue. I had a lot of problems using the playground (nice as it is ! 😎). It does not seem to handle images ?

Description

When using endpoints that accept multipart/form-data (such as the chunked media upload endpoint POST /2/media/upload/{id}/append which uploads raw binary chunks), the server returns a 403 validation error with:
invalid JSON: invalid character '-' in numeric literal

Cause

In internal/playground/handlers_unified.go (and validation.go around ValidateRequestBody), the validator middleware intercepts all POST/PUT/PATCH requests and unconditionally tries to parse the raw body as JSON using json.Unmarshal(body, &bodyData). It does not check if the request Content-Type is actually application/json (or if the body format is JSON), causing multipart/form-data requests to fail validation.

Proposed Fix

We should skip JSON validation inside ValidateRequestBody if the body is not formatted as JSON (e.g., if it doesn't start with { or [ after trimming whitespace):

	// Skip JSON validation if body is not JSON (e.g. multipart/form-data)
	startIdx := 0
	for startIdx < len(body) {
		c := body[startIdx]
		if c == ' ' || c == '\t' || c == '\n' || c == '\r' {
			startIdx++
		} else {
			break
		}
	}
	if startIdx >= len(body) || (body[startIdx] != '{' && body[startIdx] != '[') {
		return nil
	}