-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Throw HTTP/400 instead of HTTP/500 for invalid body-dto's (Closes #301) #304
base: master
Are you sure you want to change the base?
Conversation
Instead of throwing an HTTP/500 (internal server error) Oat++ can now detect invalid body-dto's and throws an HTTP/400 (bad request) if the body-dto isn't parsable or the wrong body-dto.
Hey @bamkrs , Just wanted to say that I've seen the PR, but had no chance to look deeply into the test errors. Your changes look good. Please feel free to continue your work in case of any new ideas. Best Regards, |
Yeah I know that we stumbled upon this or a similar problem a while ago. It somehow feels familiar. I think we accepted this behaviour as the desired one (closing internal connection on error) and just removed the test that throws the error that should be tested. However, maybe the client should automatically reconnect for the next call? I don't know what exactly goes on since its not the next call that fails but the second next or even the third. |
Despite the fact that we've accepted it last time, I think it's a bug and we should fix it.
It looks weird. |
So I finally found the root issue. It affects virtual and real connections.
and no error handler is set, a generic HttpError is thrown:
This exception, however, is not caught in the
Thus the exception is caught in Finally, because oatpp/src/oatpp/web/server/HttpProcessor.cpp Line 196 in 25e465b
So an easy fix would be to change oatpp/src/oatpp/web/server/HttpProcessor.cpp Line 130 in 25e465b
to true since this is only an "harmless" HttpError which is quite normal and HttpErrors are yielded all the time.
However, a more elegant approach would be to catch these "good" errors higher up and just propagate them to the client and keep everything alive. |
Yes, you are correct about the root issue.
Not really - the challenge is the request body.
And the solution here would be whether to always drain the body, or to always drop connection on exceptions (second is what we currently do). So the correct solution here would be:
The good news is that it's not so scary as it sounds. |
Hey @lganzzzo I got a few messages, that you are working on v1.3.0 |
Hey @bamkrs , |
Instead of throwing an HTTP/500 (internal server error) Oat++ can now detect invalid body-dto's and throws an HTTP/400 (bad request) if the body-dto isn't parsable or the wrong body-dto.
There is however, a bug in the tests: After running the 400-Test (test/oatpp/web/FullTest.cpp#305) the following echo-test fails. Does the connection get closed because of a "failed" request?