API Error responses lacking correct headers #469

Closed
opened 2023-11-05 10:35:46 +00:00 by hsjobeki · 3 comments
Owner

Usually our response headers look like this:

```ini
HTTP/1.1 200 OK
date: Sun, 05 Nov 2023 10:28:07 GMT
server: uvicorn
content-length: 2410
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: http://localhost:3000
vary: Origin
```

However if our api detects an error (tested with 500 internal server error) only the following headers exist.

```ini
HTTP/1.1 500 Internal Server Error
date: Sun, 05 Nov 2023 10:23:58 GMT
server: uvicorn
content-length: 21
content-type: text/plain; charset=utf-8
```

Since `access-control-allow-origin` and `access-control-allow-credentials` are missing.

This can also be interpreted as a Network Error, which it is not.

I could of course add exceptions to the behavior of axios (which I am using for request making). But that's unnecessarily complex and doesn't solve the root cause:

Ambiguity of both missing headers and an unrelated error message.

If viewing from API perspective, both have meaning.

  • Am I not allowed to access the resource?
  • The server also responds with a completely unrelated error message.

Expected behavior

Please make sure all headers exist in all code-branches. So we can display correct error messages to the user.

Or if the resource is really not accessible, respond with "403 Forbidden".
Which I don't think is the case here.

Mic92 was assigned by hsjobeki 2023-11-05 10:37:09 +00:00
Qubasa was assigned by hsjobeki 2023-11-05 10:37:10 +00:00
Author
Owner

The problem is also that "axios" (the biggest library for making API requests) treats headers as more important than status codes and then displays "Network Error" instead of "Internal Server Error", which is weird, but correct. Since the headers are missing, this is one of the correct interpretations.

Owner

@hsjobeki Could you provide some instructions on how to reproduce this? I don't seem to get any of the `access-control-...` headers on any of our API responses:

```
 ~> http put http://localhost:2979/api/example_clan/schema clan=
HTTP/1.1 200 OK
content-length: 1714
content-type: application/json
date: Mon, 13 Nov 2023 15:02:26 GMT
server: uvicorn

{
[...]
```
Owner
fixed in https://git.clan.lol/clan/clan-core/pulls/506/files
Mic92 closed this issue 2023-11-14 15:43:02 +00:00
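
One way the header difference reported in this issue can arise in an ASGI stack, shown as an added example: it is not the project's code and not the fix in the linked pull request. It assumes the 500 response is written by an error-handling layer that sits outside the CORS layer; `app`, `cors`, `catch_errors` and `call` are hypothetical names.

```python
import asyncio

ORIGIN = b"http://localhost:3000"  # origin taken from the headers in the report

async def app(scope, receive, send):
    # Hypothetical endpoint: /ok succeeds, any other path raises.
    if scope["path"] != "/ok":
        raise RuntimeError("boom")
    await send({"type": "http.response.start", "status": 200,
                "headers": [(b"content-type", b"application/json")]})
    await send({"type": "http.response.body", "body": b"{}"})

def cors(inner):
    # Simplified CORS layer: adds the headers to every response passing through
    # it (a real one would also check the request's Origin header).
    async def middleware(scope, receive, send):
        async def send_with_cors(message):
            if message["type"] == "http.response.start":
                message = dict(message)
                message["headers"] = list(message["headers"]) + [
                    (b"access-control-allow-origin", ORIGIN),
                    (b"access-control-allow-credentials", b"true"),
                    (b"vary", b"Origin")]
            await send(message)
        await inner(scope, receive, send_with_cors)
    return middleware

def catch_errors(inner):
    # Turns an unhandled exception into a plain-text 500 response.
    async def middleware(scope, receive, send):
        try:
            await inner(scope, receive, send)
        except Exception:
            await send({"type": "http.response.start", "status": 500,
                        "headers": [(b"content-type", b"text/plain; charset=utf-8")]})
            await send({"type": "http.response.body", "body": b"Internal Server Error"})
    return middleware

def call(stack, path):
    # Drives one request through the stack; returns (status, header names).
    sent = []
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(message):
        sent.append(message)
    asyncio.run(stack({"type": "http", "method": "GET", "path": path, "headers": []}, receive, send))
    return sent[0]["status"], {k.decode() for k, _ in sent[0]["headers"]}

broken = catch_errors(cors(app))  # the 500 is written outside the CORS layer
fixed = cors(catch_errors(app))   # the 500 passes through the CORS layer
```

With `broken`, only the error path loses the CORS headers, so a browser client cannot read the 500 status and reports a network error instead.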
Reference: clan/clan-core#469