Incorrect response returned for invalid Accept header
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Won't Fix
|
Undecided
|
Niraj Singh | ||
Glance |
Invalid
|
Undecided
|
Niraj Singh | ||
OpenStack Compute (nova) |
Won't Fix
|
Undecided
|
Unassigned | ||
OpenStack Heat |
Won't Fix
|
Undecided
|
Unassigned | ||
OpenStack Identity (keystone) |
Won't Fix
|
Undecided
|
Unassigned | ||
masakari |
Won't Fix
|
Undecided
|
Unassigned | ||
neutron |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
As of now, when user passes 'Accept' header in request other than JSON and XML using curl command then it returns 200 OK response with json format data.
In api-ref guide [1] also it's not clearly mentioned about what response it should return if invalid value for 'Accept' header is specified. IMO instead of 'HTTP 200 OK' it should return 'HTTP 406 Not Acceptable' response.
Steps to reproduce:
Request:
curl -g -i -X GET http://
Response:
HTTP/1.1 200 OK
Date: Thu, 31 Aug 2017 07:12:18 GMT
Server: Apache/2.4.18 (Ubuntu)
x-compute-
Content-Type: application/json
Content-Length: 2681
x-openstack-
Connection: close
[1] https:/
Changed in cinder: | |
assignee: | nobody → Niraj Singh (nirajsingh) |
Changed in glance: | |
assignee: | nobody → Niraj Singh (nirajsingh) |
tags: | added: api |
Changed in masakari: | |
status: | New → Won't Fix |
Changed in nova: | |
status: | New → Won't Fix |
Changed in heat: | |
status: | New → Won't Fix |
Changed in neutron: | |
status: | New → Won't Fix |
I generally agree that this is bad behavior and it would be nice if 406 were the response.
However, this isn't violating the HTTP 1.1 RFCs. https:/ /tools. ietf.org/ html/rfc7231# section- 5.3.2 says:
"If the header field is
present in a request and none of the available representations for
the response have a media type that is listed as acceptable, the
origin server can either honor the header field by sending a 406 (Not
Acceptable) response or disregard the header field by treating the
response as if it is not subject to content negotiation."
As far as I'm aware very very few (if any) openstack services do content negotiation. They only return JSON. Given that, it is acceptable (ha!) for the header to be disregarded if that's what people choose.