go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

Wrong HTTP code response from API #483

Closed joubertredrat closed 3 years ago

joubertredrat commented 7 years ago

Description

Hi guys, I'm testing API calls and I found one error, as in the example below.

GET v1/user/repos Get username repositories. But if I try with another method, the HTTP response is 415 or 404, as below:

curl -v --request POST --url https://try.gitea.io/api/v1/user/repos --header 'authorization: token my-awesome-hidden-token'

> POST /api/v1/user/repos HTTP/1.1
> User-Agent: curl/7.35.0
> Host: try.gitea.io
> Accept: */*
> authorization: token my-awesome-hidden-token
> 
< HTTP/1.1 415 Unsupported Media Type
< Content-Length: 70
< Content-Type: application/json; charset=utf-8
< Date: Mon, 26 Dec 2016 18:53:53 GMT
< Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
< Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly
< Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:53:53 GMT; HttpOnly
< X-Frame-Options: SAMEORIGIN

curl -v --request PUT --url https://try.gitea.io/api/v1/user/repos --header 'authorization: token my-awesome-hidden-token'

> PUT /api/v1/user/repos HTTP/1.1
> User-Agent: curl/7.35.0
> Host: try.gitea.io
> Accept: */*
> authorization: token my-awesome-hidden-token
> 
< HTTP/1.1 404 Not Found
< Content-Length: 0
< Content-Type: text/plain; charset=utf-8
< Date: Mon, 26 Dec 2016 18:58:55 GMT
< Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
< Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly
< Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:58:55 GMT; HttpOnly
< X-Frame-Options: SAMEORIGIN

The correct HTTP response in this case is 405 Method Not Allowed, as described here: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.6

tboerger commented 7 years ago

I don't think that we will define routes for all situations, so if there is no route defined a 404 response should be fine

joubertredrat commented 7 years ago

@tboerger yes, for now it is working, but we need to consider fixing this in the future because it is a bug in the API design.

Look how my API responds to this.

{"code":405,"message":"Method Not Allowed"}
bkcsoft commented 7 years ago

IMO we should just return

< HTTP/1.1 405 Method Not Allowed
< Content-Length: 70
< Content-Type: application/json; charset=utf-8
< Date: Mon, 26 Dec 2016 18:53:53 GMT
< Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
< Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly
< Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:53:53 GMT; HttpOnly
< X-Frame-Options: SAMEORIGIN

Method Not Allowed

No need for json there :)

lunny commented 7 years ago

Any PR for this issue?

bkcsoft commented 7 years ago

@lunny issue is in macaron, not Gitea 🙁 And I think that most routers have this issue...

lunny commented 7 years ago

So we need to submit an issue to macaron?

bkcsoft commented 7 years ago

Yes
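
The behaviour requested in this thread, as an added example that is not code from Gitea, macaron or any participant: a router that keeps the registered methods per path can answer 404 only when the path is unknown, and 405 with the `Allow` header that RFC 2616 section 10.4.6 requires when only the method is wrong. `MethodRouter`, `probe` and the route table are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
	"strings"
)

// MethodRouter is a hypothetical router (not macaron's API): path -> method -> handler.
type MethodRouter map[string]map[string]http.HandlerFunc

func (r MethodRouter) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	methods, known := r[req.URL.Path]
	if !known {
		http.NotFound(w, req) // no route for this path under any method: 404
		return
	}
	if h, ok := methods[req.Method]; ok {
		h(w, req)
		return
	}
	// Path exists, method does not: 405, Allow header, plain-text body.
	allowed := make([]string, 0, len(methods))
	for m := range methods {
		allowed = append(allowed, m)
	}
	sort.Strings(allowed) // map order is random; keep the header stable
	w.Header().Set("Allow", strings.Join(allowed, ", "))
	http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
}

// probe sends one constructed request and returns the status and Allow header.
func probe(h http.Handler, method, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, path, nil))
	return rec.Code, rec.Header().Get("Allow")
}

func main() {
	noop := func(http.ResponseWriter, *http.Request) {}
	// Constructed route table, for illustration only.
	r := MethodRouter{"/api/v1/user/repos": {"GET": noop, "POST": noop}}
	for _, m := range []string{"GET", "PUT"} {
		fmt.Println(probe(r, m, "/api/v1/user/repos"))
	}
}
```

Clients and scanners that probe methods can then tell "endpoint does not exist" from "endpoint exists, method refused", which a blanket 404 hides.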