Kong not compatible with rfc7807

Kong / kong

🦍 The Cloud-Native API Gateway and AI Gateway.

https://konghq.com/install/#kong-community

Apache License 2.0

39.25k stars 4.81k forks source link

Kong not compatible with rfc7807 #5402

Closed derba closed 3 years ago

derba commented 4 years ago

Summary

When I send a bad POST request, e.g. trying to add a service plug-in without its name being defined, then I get 4xx answer with a JSON detailing the problem. But content-type is not set according to RFC7807. That should be application/problem+json.

Steps To Reproduce

curl -v -X POST http://localhost:8001/services/myservice/plugins -H 'Content-Type: application/json' --data '{}'
Check the output.

Additional Details & Logs

Kong version 1.1.1
Operating system Linux

p0pr0ck5 commented 4 years ago

I'm not sure that this is an issue, as I don't believe Kong tries to be compatible with this RFC.

@derba would you consider submitting a PR for this feature, so we can discuss there?

derba commented 4 years ago

Oh my. I have never made any pull requests on GitHub. And I am not familiar with Kong's code. And have never coded in Lua...

I guess it is a good start to duplicate HEADERS_JSON and TYPE_JSON in kong/api/error_handlers.lua. And check for Accept header application/problem+json before TYPE_JSON.

And probably a new template would be more rfc7807-like:

local PROBLEM_JSON_TEMPLATE = [[
{
  "type": "https://konghq.com/admin-api",
  "title": "Kong Admin API Error"
  "detail": "%s"
}
]]

I have actually no idea what URI to put to type field.

derba commented 3 years ago

I think it is not an important issue, after all. Type application/problem+json is rarely used. And if a clients sends Accept: */* then the suggested change might cause unexpected behavior.