I have a silex BootableProvider to check for some requirements on every request before executing calls to any of my end points. All works good, except that when I use the $app->abort('403', 'forbidden for some reason'); anywhere in the boot() method, the response always returns code 200. The 'forbidden' message is correctly displayed and execution is interrupted as expected fortunately, but not having a meaningful Status code on the response makes it hard/cumbersome to process these failure responses.
I'm using silex 2.0.4.
If i however, execute the $app->abort(...) from any of my endpoints which implement ControllerProviderInterface, in the same request thread, the responses have the correct response codes I specify in the abort, so I'm thinking it's a timing issue.
Any advise is greatly appreciated.
Sample Code:
class BootProvider implements BootableProviderInterface {
function boot(Application $app) {
$app->abort(403, 'not allowed');
}
}
...
$app->register(new My\Api\BootProvider());
I've tried passing headers to override the Status to no avail.
Thanks!
In you case you should get just exception Fatal error: Uncaught exception.... Service providers are booted before kernel handle cycle, so errors are not processed.
Try to add event listener or middleware that will be executed before controllers and will make all checks.
$app->before(function (Request $request, Application $app) {
$app->abort(403, 'not allowed');
});
http://silex.sensiolabs.org/doc/2.0/middlewares.html
Related
I'm using Swashbuckle for a web api app in .Net Core 3.1. I want response examples for various response codes. I can get all of them working except HTTP 500. These are the attributes on the a particular method:
[SwaggerRequestExample(typeof(GroupInfoRequest), typeof(GroupInfoRequestExample))]
[SwaggerResponseExample(Status200OK, typeof(GroupInfo200Example))]
[SwaggerResponseExample(Status400BadRequest, typeof(GroupInfo400Example))]
[SwaggerResponseExample(Status403Forbidden, typeof(GroupInfo403Example))]
[SwaggerResponseExample(Status404NotFound, typeof(GroupInfo404Example))]
[SwaggerResponseExample(Status500InternalServerError, typeof(GroupInfo500Example))]
[ProducesResponseType(Status200OK)]
[ProducesResponseType(Status400BadRequest)]
[ProducesResponseType(Status403Forbidden)]
[ProducesResponseType(Status404NotFound)]
[ProducesResponseType(Status500InternalServerError)]
I can get all of them to render except the GroupInfo500Example. The application only returns an HTTP 500 to indicate an internal exception that isn't caught by other exception handlers. It is intended to return a body that contains, among other things, a GUID that can be passed in to our support organization to help them look up the exception in the application logs. I can not get the example to render for any 5xx error. If I change it to another status code, it renders, so it's specifically the 5xx result that doesn't render. I've checked the openapi json produced and it's not produced as part of the generated JSON. Is there a filter in place that keeps 5xx response docs from showing response examples?
Finally figured it out. I was missing part of the 'ProducesResponseType' attribute. It needs to have the return type as well as the HTTP status code. This works:
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status200OK)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status400BadRequest)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status403Forbidden)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status404NotFound)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status422UnprocessableEntity)]
[ProducesResponseType(typeof(ADServiceOperationMultipleResult<GroupActionRequestForUsers, UserQuery>), Status500InternalServerError)]
Oddly enough, some status codes were including the example without it, but now the examples appear consistently as long as I include the method return type in the attribute.
I'm working with a really strange (and nasty) API that I have no control over, and unfortunately when an invalid request is made, instead of responding with a 4xx status, it responds with a 200 status instead.
With this response, it also changes the response body from the usual XML response to plain text, but does not change the content type header. You can imagine how annoying this is!
I've got Siesta working with the API and the fact that it is no actually RESTful in the slightest, but I'm unsure how to get the next part working - handling the unsuccessful requests.
How do I go about transforming a technically valid and successful 200 response, into an error response? Right now I have the following setup:
configure("/endpoint") {
$0.mutateRequests { req in
... perform some mutation to request ...
}
$0.pipeline[.parsing].add(self.XMLTransformer)
}
configureTransformer("/endpoint") {
($0.content as APIResponse)
.data()
.map(Resource.init)
}
This is working just fine when the response actually is XML, however in the scenario where the response is an error, I receive the following:
bad api request: invalid api key
or something similar to this. The XMLParser class is already handling this, and in turn marks itself as having come across an error, however I don't know how to make Siesta realise that there is an error, and to not call my transformer but instead mark the request as failed to I can handle the error elsewhere.
How can I achieve what I'm after?
configureTransformer is just a common-case shortcut for the full-featured (but more verbose) arbitrary transformers Siesta’s pipeline supports. Full transformers can arbitrarily convert any response to any other, including success → failure and failure → success. The user guide discusses this a bit.
You can see this in action in the example project, which has a customer transformer that does something very similar to what you want, turning a 404 failure into a success with the content false. It is configured here and defined here. That example does a failure → success transformation, but you should find the code adaptable for your success → failure purposes.
If a POST request requires that i send four data elements in the body, like:
{
"name":abc,
"surname":xyz,
"contact_no":1234,
"address":random_value
}
What will happen if I miss out some of the elements, for example if I call the web service with elements like,
{
"name":abc,
"surname":xyz,
}
What error is the server likely to throw ? I am having this issue because I am making a API call and it's giving me a HTTP error 500, so I guess it's not an error on my part, but this is one doubt i wanted to clear. Thanks in advance.
Its depends on the service structure (if all fields are mandatory or not),
and HTTP error (500) returns to server error or (server or link) not found .
I'm building a firefox add-on using the add-on sdk. I need to make a http request to a certain page and I want to handle the connection timeout but couldn't find anything in the api: https://addons.mozilla.org/en-US/developers/docs/sdk/latest/modules/sdk/request.html
What I'm actually looking is a callback in case the client couldn't connect to the server.
Is there a way to achieve this?
The SDK request will always call onComplete, when the request is considered done for the network. This means that onComplete is called in any case, disregarding if the request returned an error or a success.
In order to detect which error you've got, you need to check the Response object's (the object passed to the onComplete function) property "status" (response.status). It holds the status code for the request. To look up status codes, consider the list on the mozilla developer network. If the response status is 0, the request has failed completely and the user is probably offline, or the target couldn't be reached.
A timeout would either be a status code 504 or 0. The implementation would be similar to this:
var Request = require("sdk/request");
Request({
url: "http://foo.bar/request.target",
onComplete: function(response) {
if(response.status==0||response.status==504) {
// do connection timeout handling
}
// probably check for other status codes
else {
// assume the request went well
}
}
}).get();
I personally use a validation function on the request object, which returns me a number which depends whether I've got a correct response, an error from the web server or a connection issue (4xx and 0 status codes).
In Delphi, I'm using Indy's TIdHTTPWebBrokerBridge coupled with TIdHTTP to send/receive data via HTTP. On the Server, I don't have any fancy handling, I always just respond with a simple content stream. If there's any issues, I only return information about that issue in the response content (such as authentication failed, invalid request, etc.). So, on the client side, can I assume that every successful request I make to this server will always have a response code of 200 (OK)?
I'm wondering because on the client, the requests are wrapped inside functions which return just a boolean for the success of the request.
Inside this function:
IdHTTP.Get(SomeURL, AStream);
Result:= IdHTTP.ResponseCode = 200;
This function handles any and every request which could possibly fetch data. If there were any issues in the request, This function should return False. In my scenario, since I always return some sort of content on the server, would the client always receive a response code of 200 in this function?
I guess the real question is, if I always return some sort of content and handle all exceptions on the server, then will the server always return status code of 200 to each request?
"Does every successful HTTP request always return status code 200?"
See w3.org: HTTP/1.1 Status Code Definitions (RFC 2616)
The answer is No. All 2xx are considered successful.
That may depend on the HTTP method used.
Should your web-server application always return 200 upon success? That may as well depend on the request method and the signal it intends for the client . e.g.
for PUT method (emphasis is mine):
If an existing resource is modified, either the 200 (OK) or 204 (No
Content) response codes SHOULD be sent to indicate successful
completion of the request.
for POST method:
The action performed by the POST method might not result in a resource
that can be identified by a URI. In this case, either 200 (OK) or 204
(No Content) is the appropriate response status, depending on whether
or not the response includes an entity that describes the result.
If a resource has been created on the origin server, the response
SHOULD be 201 (Created) and contain an entity which describes the
status of the request and refers to the new resource, and a Location
header (see section 14.30). Responses to this method are not
cacheable, unless the response includes appropriate Cache-Control or
Expires header fields. However, the 303 (See Other) response can be
used to direct the user agent to retrieve a cacheable resource.
As you can learn from the RCF, every method SHOULD have it's own success status codes, depending on the implementation.
Your other question:
"can I assume that every successful request I make to this server will always have a response code of 200 (OK)?"
You can always expect Status code 200, if your web server always responds with Status 200. Your web server application controls what response it returns to the client.
That said, Status code 200 is the Standard response for successful HTTP requests (The actual response will depend on the request method used), and in the real world of web servers, SHOULD be set as default upon successful request, unless told otherwise (As explained in Remy's answer).
To answer your specific question:
can I assume that every successful request I make to this server will always have a response code of 200 (OK)?
The answer is Yes, because TIdHTTPWebBrokerBridge wraps TIdHTTPServer, which always sets the default response code to 200 for every request, unless you overwrite it with a different value yourself, or have your server do something that implicitly replies with a different response code (like Redirect() which uses 302, or SmartServeFile() which uses 304), or encounter an error that causes TIdHTTPServer to assign a 4xx or 5xx error response code.
However, in general, what others have told you is true. On the client side, you should handle any possible HTTP success response code, not just 200 by itself. Don't make any assumptions about the server implementation.
In fact, TIdHTTP already handles that for you. If TIdHTTP encounters a response code that it considers to be an error code, it will raise an EIdHTTPProtocolException exception into your code. So if you don't get an exception, assume the response is successful. You don't need to check the response code manually.
If there is a particular response code that normally raises an exception but you do not want it to, you can specify that value in the optional AIgnoreReplies parameter of TIdHTTP.Get() or TIdHTTP.DoRequest(). Or, if you are are using an up-to-date Indy 10 SVN revision, a new hoNoProtocolErrorException flag was recently added to the TIdHTTP.HTTPOptions property so the EIdHTTPProtocolException exception is not raised for any response code.
Successful resposes are 2xx List_of_HTTP_status_codes
i did the following. Process straight all 200`s and LOG exceptions. worked, not a single non 200 - except unauthorized and timeouts (password or sometimes unavaliable server). but many/all responses will be considered for a wide range of mainstream apps.
while (iRedo < 3) do begin
s := Self.HTTPComponent.Get( sUrl );
if self.HTTPComponent.ResponseCode = 200 then begin
break;
end;
// IDEIA - log what happend if not 200
logWhatHappend( s, HTTPComponent ); // then log content, headers, etc
inc( iRedo ); sleep( 5 );
end;