Return HTTP 400 on unrecognized task ID #908
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tgeoghegan
force-pushed
the
timg/unrecognized-task-400
branch
2 times, most recently
from
2b6f06c to
5903102
Compare
DAP-02's section on `/hpke_config` included a requirement that requests for HPKE configs where the task ID is unrecognized should yield HTTP 404 Not Found. Our implementation returned 404 from *all* endpoints if the request referenced an unrecognized task ID, which was not in compliance with DAP-02, since the errors section says that HTTP 400 Bad Request should be used "unless otherwise specified" (it was only otherwise specified for `/hpke_config`). DAP-03 improves this by removing the HTTP 404 Not Found requirement from `/hpke_config`, so now we can uniformly return HTTP 400 Bad Request for all `unrecognizedTask` errors, and in fact all errors since no protocol text ever specifies otherwise. This situation still isn't optimal, because the protocol shouldn't force us to use Bad Request everywhere, but we will have to wait for future DAP revisions to fix that. Closes #705
tgeoghegan
force-pushed
the
timg/unrecognized-task-400
branch
from
5903102 to
4f10dce
Compare
divergentdave
approved these changes
Jan 12, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
DAP-02's section on
/hpke_configincluded a requirement that requestsfor HPKE configs where the task ID is unrecognized should yield HTTP 404
Not Found. Our implementation returned 404 from all endpoints if the
request referenced an unrecognized task ID, which was not in compliance
with DAP-02, since the errors section says that HTTP 400 Bad Request
should be used "unless otherwise specified" (it was only otherwise
specified for
/hpke_config).DAP-03 improves this by removing the HTTP 404 Not Found requirement from
/hpke_config, so now we can uniformly return HTTP 400 Bad Request forall
unrecognizedTaskerrors, and in fact all errors since no protocoltext ever specifies otherwise.
This situation still isn't optimal, because the protocol shouldn't force
us to use Bad Request everywhere, but we will have to wait for future
DAP revisions to fix that.
Closes #705