Returns 500 if a body is included where not expected

Bug #1475647 reported by Niall Bunting on 2015-07-17
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Niall Bunting

Bug Description

If a user attaches a body to a HTTP message, where the API does not expect there to be a body the server returns a 500. This therefore affects a large part of the API.

Steps to reproduce (One example):
(1) The curl command, which includes a body:
curl -v -X GET -H "X-Auth-Token: 3ee83196ecbb4a559b945ac849c1520e" -d '[]'

(2) Sends the following:
User-Agent: curl/7.35.0.
Accept: */*.
Proxy-Connection: Keep-Alive.
X-Auth-Token: 3ee83196ecbb4a559b945ac849c1520e.
Content-Length: 2.
Content-Type: application/x-www-form-urlencoded.

The response in a 500 error.

It may be nice if it caught the fact that a body was not expected and returned a error early, to stop the whole body being uploaded. I would like some input into what people think the expected behavior should be?

Changed in glance:
assignee: nobody → Niall Bunting (niall-bunting)
description: updated
summary: - Get image API returns 500 if a body is included
+ Returns 500 if a body is included where not expected
description: updated
description: updated
Changed in glance:
status: New → In Progress
Changed in glance:
importance: Undecided → Medium

Submitter: Jenkins
Branch: master

commit 9b430f99518e10ae263bedec3062408af332068c
Author: Niall Bunting <email address hidden>
Date: Tue Jul 28 15:05:10 2015 +0000

    Add functionality to define requests without body

    This allows functions that do not accept bodies to define this in the
    router file. As currently many requests will cause a 500 if a body is
    supplied when the API request does not expect it.

    This currently only affects the core parts of the v2 api, that is,
    calls to v2/images and v2/schemas. It does not cover the "tasks" API
    or the metadefs api as I was keeping this patch concise. As this
    does not affect the behaviour if not included this makes no change to
    the metadefs api behaviour.


    Partial-Bug: 1475647

    Change-Id: Ieb510e5516128078d40d39fd9b4f339ce64e10e7

Submitter: Jenkins
Branch: master

commit a22f0744a5e89e653de9772e9b2b3aaa10c74f64
Author: Niall Bunting <email address hidden>
Date: Mon Feb 22 17:13:06 2016 +0000

    Reject bodies for metadef commands

    The inital commit missed the metadef commands. This now adds them in
    using as the source
    for this information.

    Closes-Bug: 1475647

    Change-Id: I764e09d9d0e3f2dd2d815b9eca2212075598303c

Changed in glance:
status: In Progress → Fix Released

This issue was fixed in the openstack/glance release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers