HS.FHIRServer.RestHandler

DefaultContentType specifies the content type to use when no content type is specified in the incoming request. The FHIR spec at http://www.hl7.org/fhir/STU3/http.html#mime-type is clear about defaulting if no acceptable format is specified via content negotiation: "If neither the accept header nor the _format parameter are specified, the MIME-type of the content returned by the server is undefined and may vary." Per the FHIR spec, "FHIR uses UTF-8 for all request and response bodies." (http://www.hl7.org/fhir/http.html#mime-type) Setting this parameter to 1 (the default in %CSP.Page is 0) will cause CSP to convert the request content to internal format before passing it to this handler (The equivalent of doing $ZCVT(val, "I", "UTF8") on the request content).

This parameter influences the CORS support. The default is an empty string meaning 'not specified'. If set to true (1) then CORS processing is ON. If set to false (0) then CORS processing is OFF. If left unset "" then the decision to process CORS is delegated to the setting on the URL map route.

Per the FHIR spec, "requests and responses SHALL explicitly set the character encoding to UTF-8 using the charset parameter of the MIME-type in the Content-Type header" (http://www.hl7.org/fhir/http.html#mime-type). However what we have observed working with various FHIR clients is that clients sometimes include a Content-Type header in a request with no charset parameter. Setting the value of this key to 1 in the Configuration Registry in this namespace will cause a missing Content-Type charset to be ignored rather than rejected. A non-null charset that is not "utf8" or "utf-8" (case-insensitive) will still be rejected.

When set to 1 (true), OAuth access tokens are only checked to verify:
- The token is located in the Authorization header.
- The token is not blank (i.e., the Authorization header is not simply "Bearer" or "Bearer ").
- The current request is secure (i.e., is over https).
This may be desired when tokens are expected to always already have been validated prior to arriving at this Dispatch Class, or for specific implementations that want to defer token validation to some later part of request processing.

If the first element of the FHIR request url is this string, then we flag the request as a population query request by setting AdditionalInfo("USER:PopulationQueryRequested") to 1. This allows for specialized Strategy code to handle population queries specially if desired.

Translate valid values of the Accept header into a "format code"

Translate valid values of the Content-Type header into a "format code"

Translate valid values of the _format query parameter into a "format code"

@API Writes any returned content from the Response object to a stream, converting into the requested content format (json or xml). Sets the ContentType and CharSet properties in the specified'toObject'

Return an indicator indicating whether to do only the checking that is done by the PrelimTokenCheck method.

OnHandleCorsRequest overrides the same method from %CSP.REST. FHIR CSP config setting DisableCORS provides a way for an implementation to override the HandleCorRequest class parameter.

Called by %REST base class when an OPTIONS request is received. This method provides handling of the options request. Note carefully: If authentication is required then this method will be called before login and as such will have only limited privileges

Override of %CSP.REST OnPreDispatch(). This method gets called prior to dispatch of EVERY request. If this method sets pContinue to 0, the request will NOT be dispatched according to the UrlMap. In that case it is the responsibility of this method to return a response.

Use the user-related information in the access token to update the user-related information in the FHIR API request message.

Return the requested content format codes for the POSTed input data. The format codes are $$$FHIRContentCodeXML and $$$FHIRContentCodeJSON. The format of the input data (if any) is determined by the Content-Type header. This method analyzes the various acceptable Mime-Types and ensures that the CharSet is also proper. If the requested type is not supported, a 415 is returned for all FHIR versions. (Note: before R4, the return code was unspecified in the FHIR Spec). The spec says "... and 415 Unsupported Media Type when the client posts a format that is not supported to the server."

Return the Format Code ($$$FHIRContentCodeJSON or $$$FHIRContentCodeXML) for the output data. 1. check for '_format' parameter. If present, use that. 2. check the "Accept" header. If present, use that. Require charset is utf-8 (if present). Allow non-presence of charset spec. NOTE: The STU3 spec was stricter, but R4 removes the strictness because it was a pain. we will follow the R4 spec for R3. 3. Use the default (from the configuration)

Process an inbound request. This hands off the incoming request to the business service.