agnyz
Error formatted incorrectly - JSON is stringified
Describe the bug
we are getting a stringified (including symbols like \n) instead of an embedded json object in the response of errors.
Reproduction
Create a post using the following payload:
{
"article": {
"title": "test",
"description": "test",
"body": "test",
"tagList": [
"test"
]
}
}
you will notice the following repsonse, 422 unprocessable entity with:
{
"errors": {
"response": "{\n \"type\": \"validation\",\n \"on\": \"response\",\n \"summary\": \"Expected property 'article.createdAt' to be string but found: Wed Mar 19 2025 02:02:28 GMT+0500 (GMT+05:00)\",\n \"property\": \"/article/createdAt\",\n \"message\": \"Expected string\",\n \"expected\": {\n \"type\": \"Could not create expected value\",\n \"message\": \"String types with formats must specify a default value\",\n \"error\": {\n \"schema\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n }\n }\n },\n \"found\": {\n \"article\": {\n \"slug\": \"test\",\n \"title\": \"test\",\n \"description\": \"test\",\n \"body\": \"test\",\n \"tagList\": [\n \"test\"\n ],\n \"createdAt\": \"2025-03-18T21:02:28.090Z\",\n \"updatedAt\": \"2025-03-18T21:02:28.090Z\",\n \"author\": {\n \"bio\": \"\",\n \"image\": \"https://api.realworld.io/images/smiley-cyrus.jpg\",\n \"username\": \"test\",\n \"following\": false\n },\n \"favorited\": false,\n \"favoritesCount\": 0\n }\n },\n \"errors\": [\n {\n \"type\": 54,\n \"schema\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"path\": \"/article/createdAt\",\n \"value\": \"2025-03-18T21:02:28.090Z\",\n \"message\": \"Expected string\",\n \"errors\": [],\n \"summary\": \"Expected property 'article.createdAt' to be string but found: Wed Mar 19 2025 02:02:28 GMT+0500 (GMT+05:00)\"\n },\n {\n \"type\": 54,\n \"schema\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"path\": \"/article/updatedAt\",\n \"value\": \"2025-03-18T21:02:28.090Z\",\n \"message\": \"Expected string\",\n \"errors\": [],\n \"summary\": \"Expected property 'article.updatedAt' to be string but found: Wed Mar 19 2025 02:02:28 GMT+0500 (GMT+05:00)\"\n }\n ]\n}"
}
}
The error itself isn't important, what's important is that it's provided as a string instead of as a JSON
System Info
macbook pro, arc browser
Validations
- [x] Read the Contributing Guidelines.
- [x] Check that there isn't already an issue that reports the same bug.
- [x] Check that this is a concrete bug. For Q&A, open a GitHub Discussion.
- [x] The provided reproduction is a minimal reproducible example of the bug.
Related Elysia documentation here.
BTW I'm thinking if we should return these errors at all, or just a generic "Internal server error" and then log the cause of the error. Leaking implementation details through returned errors is kind of a security issue, it was even in the OWASP Top 10 in 2007. Only errors that are needed by the frontend and contain no sensitive information should be returned, e.g. something not found, not authorized, etc.
