We have a reactive application. When debugging the data fetch actions in Dev tools we noticed that all screen variables values are is being included in the Request Payload. This is true even when the server data action being called has no use for any of this data. For example, I have a "Fetch from other data sources" that simply returns a site parameter value but when I look at the DataAction request/response in Dev Tools I'm seeing all of the screen variables included in the request.
Has anyone else run into this, and if so is there a way to limit what is sent?
Hi Josh,
You are right, for now the platform is optimizing the server->client response by just sending what's needed, and the client->server request by only including the current record in lists. This is because the payload is encrypted, it's possible to access variables in data actions and aggregates, and because lists are the main culprits of performance issues. In any case this might change in the future.
In your case in particular why is that data action being called so many times (I'm guessing that on the first call the values are probably empty)? You might want to review that pattern. Login pages, because their are anonymous, should always be dealt with some extra care.
Cheers,Tiago Simões
Hi Josh,I have run into similar kind of scenario, not exactly the same, the solution is to Encrypt and Decrypt the Request and Response to exclude it from Security concerns!!
Since version 11.10, you can turn on the optimizer to minimize the information sent to the client, for instance, only the information shown in the screen will be sent, the other unused fields will go empty.
Below I post a screenshot with the full explanation on this topic which can be found on this blog post on OutSystems security best practices:
Kind Regards,João
I just tried the same test in my personal cloud, and I'm seeing the same type of results.
I created a Data Action that fetches a Site property, it's set to run on demand. I then updated the password input field to refresh this action onChange. (Not really a valid use case but it makes it easy to replicate what I'm seeing)
Here you can see that the Request payload includes ever variable that is defined on the screen even though none of them are needed by the Data action. (it even includes the plain text password) It just seems odd to pass all of these variables when the action has no use for them.
That example was just a quick and dirty example that highlights what we are seeing in our real application. It was called so many times because I added the action refresh to onChange of the password. (so each character typed kicked it off)
Your explanation helps me understand this better. So all client>server payloads will contain all of the encrypted variables and if I have a list in the local variable with 100 elements only the single current list item is sent.
I am still seeing some unexpected behavior in the response payload, but I think I can limit that further by creating a data model structure in the application that specifies which elements we will be using.
Since I believe this should be part of the platform, I created an idea for this:
https://www.outsystems.com/ideas/12541/optimize-data-action-request-payload/
Cool, upvoted.