fusionauth-issues icon indicating copy to clipboard operation
fusionauth-issues copied to clipboard

Published 20 hours ago verified publisher icon FusionAuth

Provide better errors on API when Content-Type header is missing

Open voidmain opened this issue 4 years ago • 2 comments

Description

Currently, FusionAuth fails at random when the Content-Type header is missing for any API calls. It also sometimes returns a 500 status code because the code might not be prepared for for invalid HTTP requests like this.

We should prevent this by implementing a Content-Type requirement for specific URL patterns. In this case, if we require this header for anything under /api, it would prevent the explosions and allow us to return a proper HTTP status code like 400 plus an error message.

voidmain avatar May 05 '20 23:05 voidmain

Saw this again today with a nullpointerexception. In this case, it was because a Content-Type header was provided for a GET request with a value of application/json with a JSON body.

mooreds avatar Sep 15 '21 17:09 mooreds

We should avoid 5xx errors when the wrong content type is provided. That is pretty common.

mooreds avatar Jun 02 '22 14:06 mooreds