zio
Missing Authorization header is reported as 400 instead of 401
A missing Authorization header is reported with 400 instead of 401 status code when served by a route created using the declarative endpoint syntax.
To Reproduce
- Create a simple endpoint using
Endpoint(PathCodec.Get).header(HeaderCodec.authorization). - Send a request without
Authorizationheader. - Get a response with 400 status code.
Expected Behaviour
According to the RFC, in such case a response should have 401 Unauthorized code:
The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.
@weili96 without the endpoint definition, Idk what the issue is. Also, if you find a new bug, please open a new issue
private val editorViewArticleEndpoint =
Endpoint((RoutePattern.POST / "article" / "editorView") ?? Doc.p("文章编辑页面-查看文章详情"))
.auth(AuthType.Bearer)
.header(HeaderCodec.authorization)
.in[ArticleId]
.out[ArticleInfo]
.outErrors[ServerError](
HttpCodec.error[BadRequestError](Status.BadRequest),
HttpCodec.error[DbError](Status.InternalServerError)
)
.tag("Article")
private val editorViewArticleRoute = editorViewArticleEndpoint.implement(
(authHeader: Authorization, input: ArticleId) =>
ZIO.serviceWithZIO[ArticleApiHandler](_.editorViewArticle(input, Authorization.render(authHeader)))
)
@987Nabil when i send , without header of authorization
private val uploadImageEndpoint =
Endpoint((RoutePattern.POST / "upload" / "image") ?? Doc.p("上传图片"))
.auth(AuthType.Bearer)
.header(HeaderCodec.authorization)
.header(HeaderCodec.contentType)
.inCodec(HttpCodec.binaryStream(MediaType.multipart.`form-data`))
.out[ImageUrl]
.outErrors[ServerError](
HttpCodec.error[BadRequestError](Status.BadRequest),
HttpCodec.error[DbError](Status.InternalServerError)
)
.tag("Tool")
private val uploadImageRoute = uploadImageEndpoint.implement(
(_, bytes) => {
for
_ <- ZIO.logInfo(bytes.toString)
form <- Body.fromStreamChunked(bytes).asMultipartForm.mapError(e => BadRequestError(s"请求转换异常; ${e.toString}"))
_ <- ZIO.logInfo(form.formData(1).name)
res <- ZIO.serviceWithZIO[ToolApiHandler](_.uploadImage(form))
yield res
}
)
this is also without contentType
💎 $100 bounty • ZIO
Steps to solve:
-
Start working: Comment
/attempt #3235with your implementation plan -
Submit work: Create a pull request including
/claim #3235in the PR body to claim the bounty - Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts
❗ Important guidelines:
- To claim a bounty, you need to provide a short demo video of your changes in your pull request
- If anything is unclear, ask for clarification before starting as this will help avoid potential rework
- Low quality AI PRs will not receive review and will be closed
- Do not ask to be assigned unless you've contributed before
Thank you for contributing to zio/zio-http!
| Attempt | Started (UTC) | Solution | Actions |
|---|---|---|---|
| 🟢 @Skyiesac | Aug 10, 2025, 12:19:22 PM | #3614 | Reward |
| 🟢 @notxcain | Jan 22, 2025, 06:09:56 PM | #3281 | Reward |
| 🟢 @melmathari | May 25, 2025, 11:48:54 PM | #3512 | Reward |
![algora-pbc[bot] avatar](https://avatars.githubusercontent.com/in/275896?v=4 "Published by a pub.dev verified publisher"){kind=small}
/attempt #3235
| Algora profile | Completed bounties | Tech | Active attempts | Options |
|---|---|---|---|---|
| @notxcain | 1 ZIO bounty | Scala, JavaScript, Java & more |
Cancel attempt |
💡 @notxcain submitted a pull request that claims the bounty. You can visit your bounty board to reward.
