Asana returns spurious 500 errors with cryptic messages

I am seeing spurious HTTP 500 errors with cryptic messages. For example, doing a GET using oauth on /projects/28408740055707 I see a response body: {"errors":[{"message":"Server Error","phrase":"24 purple woodchucks wriggle fast"}]}
I've also seen it on GET /tasks/{taskId}/stories and other endpoints as well. Any thoughts on this? Thanks!

When an API call or an action within the Asana application generates a server error we generate a random phrase that corresponds so that we can easily look up logs about the issue later.
If you continue to experience 500 errors when making calls to the API we encourage you to write into api-support#asana.com and reference the error phrase along with the call that you were making so that we can try to fix the issue.
I checked for "24 purple woodchucks wriggle fast" and that specific issue seems to have been solved.

Best Way to Respond to Failed SQL Injection Attack

I work on a number of Rails sites with forms and take advantage of Rails built-in authenticity token support. Works like a charm. Happy Happy Joy Joy.
It varies, but I would say I average about a SQL injection attack once a month that is successfully caught as having a failed authenticity token check. Wonderful.
The problem is the failed authenticity token check generates an ActionController::InvalidAuthenticityToken exception which returns an HTTP 5xx error because it is an unhandled exception. Good: the bad request is not allowed. Bad: The hacker is functionally informed that my server crashed which is hacker-code for KEEP ATTACKING THIS INTERFACE AT ALL COSTS because they aren't catching this error.
So what is the best way to handle this? If I simply try to wrap my controller method in a try/except, it doesn't even get to my method. It seems that if I want to respond with an access denied or some similar "bad user input" error (HTTP 4xx) then I would have to plug into the pipeline which seems like overkill for something the entire world has to deal with.
Also, what is the proper HTTP response? 400 (Bad Request)? Seems correct, but the other common scenario that generates this error is when a user pulls up your form from cache after the access token has timed out. In this case, the best user experience would be to simply refresh the form with a message saying it took too long for them to fill out the form or something like that. I suppose that could be in the body of an HTTP 400 response.
So how do I build this? Maybe something in the ApplicationController? Why isn't this the default? Maybe it is being handled properly and my "Unhandled Exception" reports are earlier in the pipeline?

Troubleshooting "(400) Bad Request" return from Slack API

We've been using the Slack API for some time, calling it from PowerShell inside Jenkins, and all was working fine. The messages have formatting and use some links.
Recently, some messages stopped getting through, returning (400) Bad Request.
If I get the content that failed from logs, and send it manually, the message gets through.
I'm trying to find a way to better troubleshoot what can be wrong with the content or the request, since "Bad Request" is a bit too vague.
In this specific case, I had to remove bit by bit until I found out there was an issue with accentuation and encoding, coming from a text from a git output.
For future reference, removing the encoding from the message might be a way to troubleshoot this kind of issue, as a way to identify if encoding is what's causing the error.
The way I did it in powershell was:
$msg = [Text.Encoding]::UTF8.GetString([Text.Encoding]::GetEncoding("ISO-8859-8").GetBytes($msg))
This generates problems with accentuation, but we're only trying to find if encoding is the issue generating the Bad Request response.
Following Renato's logic, a way of dealing with this in Python is as follows:
"".join(i for i in text if ord(i)<127 and ord(i)>31)
This will remove all non-ASCII characters and line breaks.
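
A less destructive check than stripping characters, as an added example (not from the original answers): it lists the characters outside printable ASCII and tests whether the text is UTF-8 that was decoded with a single-byte code page, a common cause when tool output such as git's is captured with the wrong console encoding. The function names and the sample string are constructed for illustration.

```python
import unicodedata

def suspect_chars(text):
    """Return (index, char, codepoint, name) for everything outside printable ASCII."""
    return [
        (i, ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed control>"))
        for i, ch in enumerate(text)
        if not 32 <= ord(ch) < 127
    ]

def repair_mojibake(text):
    """If text is UTF-8 that was decoded as cp1252/Latin-1, return the repaired
    string; otherwise return None (the text is either clean or damaged some other way)."""
    for codec in ("cp1252", "latin-1"):
        try:
            repaired = text.encode(codec).decode("utf-8")
        except (UnicodeEncodeError, UnicodeDecodeError):
            continue  # not representable in this codec, or not valid UTF-8 underneath
        if repaired != text:
            return repaired
    return None

if __name__ == "__main__":
    # Constructed sample: a commit subject whose UTF-8 bytes were read as cp1252
    msg = "Correção de bug\n".encode("utf-8").decode("cp1252")
    for hit in suspect_chars(msg):
        print(hit)
    print("repaired:", repr(repair_mojibake(msg)))
```

If `repair_mojibake` returns a string, the fix belongs where the text is read (the console or process output encoding), not in the Slack payload.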

Brightspace / IMS-LTI content-item message problems

I'm trying to debug posting content via the Content Item Message spec back to Brightspace after a successful launch to my Ruby on Rails application – but I'm getting nothing but inscrutable 500 errors from the Brightspace server – I presume that I am sending a bad signature (Brightspace confirmed this one time), but I haven't been able to find conclusive documentation on exactly how the nonce, timestamp and signature are calculated, nor have I been able to find an open source library that appears to handle this.
Any advice appreciated.
I discovered that Instructure's ims-lti gem, although not documented, can generate signed params which can then be posted server-side or iterated through to render an HTML form client side, and then auto-submit, using the IMS::LTI::Models::Messages::ContentItemSelection class at /lib/ims/lti/models/messages/content_item_selection.rb
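
The nonce, timestamp and signature asked about above follow OAuth 1.0a (RFC 5849) with HMAC-SHA1, which is what LTI 1.x message signing uses. The sketch below is an added example, not part of the original post or of the ims-lti gem; the function names, return URL, consumer key, secret and `content_items` value are constructed placeholders.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6: everything except A-Z a-z 0-9 - . _ ~ is percent-encoded
    return quote(str(value), safe="~")

def base_string(method, url, params):
    # Assumes query parameters are passed in `params` and the URL has no default port
    u = urlsplit(url)
    base_uri = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # LTI messages carry no token, so the HMAC key is "<consumer secret>&"
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def signed_params(url, params, consumer_key, consumer_secret, nonce=None, timestamp=None):
    out = dict(params)
    out.update({
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_version": "1.0",
        "oauth_nonce": nonce or secrets.token_hex(16),          # unique per request
        "oauth_timestamp": str(timestamp or int(time.time())),  # seconds since epoch
    })
    out["oauth_signature"] = sign("POST", url, out, consumer_secret)
    return out

def verify(method, url, params, consumer_secret, token_secret=""):
    # Recompute over every received field except oauth_signature; constant-time compare
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))

if __name__ == "__main__":
    # Constructed sample values; not a real Brightspace endpoint or credential
    url = "https://lms.example.test/lti/return"
    form = signed_params(
        url,
        {"lti_message_type": "ContentItemSelection", "lti_version": "LTI-1p0",
         "content_items": '{"@graph": []}'},
        consumer_key="example-key", consumer_secret="example-secret")
    print(form["oauth_signature"], verify("POST", url, form, "example-secret"))
```

A signature mismatch usually comes from the base string: a field posted but not signed, a return URL that differs from the one signed, or encoding applied twice, so logging `base_string()` on the sending side is the quickest check.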

Different error responses when using the JIRA REST API in two instances

We have two JIRA installations at our company. One that we use for our projects and a second one for testing purposes.
I'm working in a project that needs to use the JIRA REST API. For this purpose I'm connecting to our testing instance.
The problem is that while trying out the REST API, I keep getting 400 errors without a single explanation of what went wrong. I just get an HTML with
Your browser sent a request that this server could not understand
I was a bit desperate and decided to try it in our real JIRA. To my surprise the same request gave me a different response:
{"errorMessages":[],"errors":{"project":"project is required"}}
In this case, I do get a meaningful error!
I replicated this easily. I would never get a meaningful error from the test instance, but the real one will always give me one.
I cannot keep trying out stuff in our productive JIRA, but I cannot easily continue working without getting meaningful errors. So, what could be wrong in the testing instance? I could not find any configuration about the 'verbosity' of the API responses.
I believe that this error is returned not by JIRA but rather by a proxy web server that is part of your production configuration.
I suggest you compare the HTTP headers that are sent with working requests from your browser with the headers you pass via curl. Googling for "Your browser sent a request that this server could not understand" helps too.

status code 500 internal server error in LoadRunner

I have a web application which I need to load test using LoadRunner. When I record the website using VuGen it works well and there is no application bug. But when I tried to replay the script, the script failed after login, while navigating to the next page, say, Transaction. At the end of the log, I receive this error:
Action.c(252): Error -26612: HTTP Status-Code=500 (Internal Server Error)
for "http://rob.com/common/transaction
Please help me to resolve this error.
LoadRunner generates HTTP requests just as your browser does; this error is the same error you would get if you went to that URL using your browser. Error code 500 is a generic server error that is returned when there is no better (more specific) error to return.
Most likely the login process requires some form of authentication which is protected against a replay attack by using some form of token. It is up to you to capture this token using Correlations in LoadRunner and replay it as the server expects. The Correlation Studio in VuGen should detect and identify the token for you, but since authentication methods vary it is sometimes impossible to do this automatically and you will have to create a manual correlation. Please consult the product documentation for more details on how to do it. If your website is publicly available online then post its URL and I will try to record the script on my machine.
Thanks,
Boris.
Most common reasons
You are not checking each request for a valid result being returned and using a 200 HTTP status as an assumed correct step without examining the content of what is being returned. As a result when data being returned is incorrect you are not branching the code to handle the exception. Go one to two steps beyond where your business process has come off the rails with an assumptive success and you will have a 500 status message for an out of context action occurring 100% of the time.
Missed dynamic element. Record three times. Compare the code. Address the changing components.
