Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Distinguish between user and server errors on deserialization fail #1482

Closed
seav opened this issue Nov 6, 2018 · 2 comments
Closed

Distinguish between user and server errors on deserialization fail #1482

seav opened this issue Nov 6, 2018 · 2 comments
Labels
Enhancement

Comments

@seav
Copy link

seav commented Nov 6, 2018

Currently, if Dancer2 fails to deserialize a request body, it throws an error and returns an HTTP 500 error response. I think it would be better if we can distinguish failure due to user input (e.g., Content-Type: application/json but the JSON is invalid) for which we should return a HTTP 4xx error (most likely 400 Bad Request), and due to internal server errors (maybe a Perl module is missing) for which HTTP 500 is the correct response.

I am not sure how this issue is affected by #1056.
@veryrusty
Copy link
Member

Some of my $work colleagues have bumped into this too. PR soon :)

veryrusty added a commit that referenced this issue Jul 5, 2019
@veryrusty
Catch request deserialization failures
88b6e5e 
When a request that should be deserialized has bad content (such as
invalid JSON), the serializer throws an error and returns undef.
That gets caught and request object creation dies, which is then
handled in the App's psgi sub resulting in a 500 error.

When deserialisation fails, one typically does NOT want the client
repeating the request, in which case a 400 Bad Request error would be
more appropriate.

Wrap the request instantiation in an eval (with shim), so that we can
throw an error on deserialization failure.

By throwing an error in this way, we can send a serialized response
(another small win) rather than the plain text 500 error. PLUS ..
one can use the existing core.error.* hooks to modify the error as
needed, providing a solution to #1482.
cromedome pushed a commit that referenced this issue Apr 11, 2020
@veryrusty @cromedome
Catch request deserialization failures
dc40219 
When a request that should be deserialized has bad content (such as
invalid JSON), the serializer throws an error and returns undef.
That gets caught and request object creation dies, which is then
handled in the App's psgi sub resulting in a 500 error.

When deserialisation fails, one typically does NOT want the client
repeating the request, in which case a 400 Bad Request error would be
more appropriate.

Wrap the request instantiation in an eval (with shim), so that we can
throw an error on deserialization failure.

By throwing an error in this way, we can send a serialized response
(another small win) rather than the plain text 500 error. PLUS ..
one can use the existing core.error.* hooks to modify the error as
needed, providing a solution to #1482.
@veryrusty
Copy link
Member

Thanks again for reporting the issue @seav.

The work in #1509 has been merged into master in preparation for a new release (April 2020); deserialization failure will throw a 400 Bad Request. There's an example in the test suite (see t/deserialize.t) if you want to customise the error on serialization fail.

@cromedome cromedome added this to the April 2020 Release milestone Apr 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cromedome @veryrusty @seav