WSME

wsme returns 500 when it should return 415

Bug #1419110 reported by Chris Dent
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
WSME
Fix Released
Undecided
Chris Dent
WSME 0.8.0 "0.8.0"

Bug Description

A web service should never intentionally set the response status to 500 unless it has experienced an exception that it cannot categorize into some more reasonable status code (from somewhere in the 4xx range).

WSME will give a 500 when it fails to find a satisfactory protocol handler. This can be triggered on GET or POST/PUT by sending an accept or content-type header that doesn't fit with expectations. So, for example the 500 can be triggered on the first easy app here <https://pythonhosted.org/WSME/> by sending a GET request with an accept header of 'text/plain'. The proper response here would be a 400, 406 or 415 depending on your predilections but _never_ a 500.

Similarly if the simple app is extended to allow POST/PUT:

       @expose(unicode)
       @validate(unicode)
       def moo(self, cow):
            print cow
            return cow

this will work fine when given a content-type header of 'application/json' but 500 when given 'text/plain'. A 415 makes more sense.

I can probably submit a patch to fix this, but I'd like to get some input on if it is in alignment with goals.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote :

That seems like a reasonable interpretation of the error codes.

Revision history for this message
Christophe de Vienne (cdevienne) wrote :

Getting compliant with standards is definitely a goal.

406 for a wrong 'Accept' and 415 for a wrong 'Content-Type' sounds good.

Thanks!

Chris Dent (cdent)
Changed in wsme:
assignee: nobody → Chris Dent (chdent)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to wsme (master)

Fix proposed to branch: master
Review: https://review.openstack.org/154066

Changed in wsme:
status: New → In Progress
Revision history for this message
Chris Dent (cdent) wrote :

The fix for this revealed a much more significant bug in WSME, described in the commit of the linked review.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to wsme (master)

Reviewed: https://review.openstack.org/154066
Committed: https://git.openstack.org/cgit/stackforge/wsme/commit/?id=8710dabb652dae775dee31789e91608f832e62e6
Submitter: Jenkins
Branch: master

commit 8710dabb652dae775dee31789e91608f832e62e6
Author: Chris Dent <email address hidden>
Date: Mon Feb 9 14:52:07 2015 +0000

    Improve Accept and Content-Type handling

    Originally, if WSME received an Accept or Content-Type header that
    was not aligned with what it was prepared to handle it would error
    out with a 500 status code. This is not good behavior for a web
    service.

    In the process of trying to fix this it was discovered that the
    content-negotiation code within WSME (the code that, in part,
    looks for a suitable protocol handler for a request) and tests of
    that code are incorrect, violating expected HTTP behaviors. GET
    requests are passing Content-Type headers to declare the desired
    type of representation in the response. This is what Accept is for.

    Unfortunately the server-side code was perfectly willing to accept
    this behavior. These changes correct that.

    Closes-Bug: 1419110
    Change-Id: I2b5c0075611490c047b27b1b43b0505fc5534b3b

Changed in wsme:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to wsme (master)

Reviewed: https://review.openstack.org/172520
Committed: https://git.openstack.org/cgit/stackforge/wsme/commit/?id=e31045e57a102182d33252e3a6b07ddfa9488ebe
Submitter: Jenkins
Branch: master

commit e31045e57a102182d33252e3a6b07ddfa9488ebe
Author: Chris Dent <email address hidden>
Date: Fri Apr 10 18:41:32 2015 +0100

    Multiple protocol accept or content-type matching

    The changes in 8710dabb652dae775dee31789e91608f832e62e6 broke
    protocol failover when the REST protocol is listed before others
    (see bug referenced below).

    This patch tries to solve both issues by trying to match accept over all
    the protocols, only giving up a 406 or 415 if all protocols fail, using
    the last failure as the error message.

    Related-Bug: #1419110
    Closes-Bug: #1442710
    Change-Id: I328a392151013c46207519c245213d5dec48ecc9

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to wsme (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/208555

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to wsme (master)

Reviewed: https://review.openstack.org/208555
Committed: https://git.openstack.org/cgit/stackforge/wsme/commit/?id=078cd723655b4cf52835a66f19bd9a2b85d0b73a
Submitter: Jenkins
Branch: master

commit 078cd723655b4cf52835a66f19bd9a2b85d0b73a
Author: Mehdi Abaakouk <email address hidden>
Date: Mon Aug 3 18:28:23 2015 +0200

    rest: return 415 when content-type is invalid

    When the body of a POST request cannot be decoded because
    the content-type is not supported by any rest controller.

    The server should return 415, not 500.

    Related bug: #1419110

    Change-Id: I8f8df4ab4062181e8d511e437a8486182c262ff8

Doug Hellmann (doug-hellmann)
Changed in wsme:
milestone: none → 0.8.0
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.