Learners, PR Template

Self checklist

• I have titled my PR with Region | Cohort | FirstName LastName | Sprint | Assignment Title
• My changes meet the requirements of the task
• I have tested my changes
• My changes follow the style guide

Changelist

Problem

Blooms are enforced to be limited to 280 characters on the frontend, but this constraint was only enforced client-side via HTML5 maxlength attribute. Users can bypass the frontend and post blooms directly to the API with content exceeding 280 characters.

Root Cause

The send_bloom() endpoint in endpoints.py accepts bloom content without validating length before saving to the database. There was no server-side validation.

Solution

Added server-side validation in the send_bloom() endpoint to:

• Check bloom content length before processing
• Return a 400 Bad Request error if content exceeds 280 characters
• Reject and log the violation with a clear error message

Changes Made

File: endpoints.py

• Modified send_bloom() function to validate content length
• Returns error response with message: "Bloom content must be 280 characters or less"
• Validation happens before database insert, preventing invalid data from being stored