HTTP 400 - Githubissues

strogonoff commented 4 years ago

This is a probably incomplete list of SCS for which API returns HTTP 400:

cn-chn-Hans-Latn-pinyin
icao-heb-Hebr-Latn-9303
icao-gre-Grek-Latn-9303
icao-per-Arab-Latn-9303

Here is a cURL used for cn-chn-Hans-Latn-pinyin:

curl 'https://api.interscript.com/' \
-X 'POST' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json' \
-H 'Origin: https://www.interscript.com' \
-H 'Content-Length: 68' \
-H 'Accept-Language: en-gb' \
-H 'Host: api.interscript.com' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15' \
-H 'Referer: https://www.interscript.com/' \
-H 'Accept-Encoding: gzip, deflate, br' \
-H 'Connection: keep-alive' \
--data-binary $'{transliterate(systemCode: "cn-chn-Hans-Latn-pinyin", input: "\u6211")}'

The response contains some system specifics (which could be considered a security hole but I guess is not since we are using Lambda?); e.g.:

(/var/task/vendor/bundle/ruby/2.7.0/gems/interscript-0.1.2/maps/cn-chn-Hans-Latn-pinyin.yaml): invalid leading UTF-8 octet at line 1 column 1

I suggest the following:

Return HTTP 500 if nothing is wrong with request
If something is wrong with request, then document what is wrong and keep returning HTTP 400
Handle errors and return something more descriptive (e.g., “wrong encoding”, “sample text doesn’t match specified writing system”, etc.)

ronaldtse commented 4 years ago

Thanks for the report!

I think icao-per-Arab-Latn-9303 should not even work.

Return HTTP 500 if nothing is wrong with request

Did you mean something else?

Agree with all the rest.

strogonoff commented 4 years ago

No I meant it. HTTP 400 is for a malformed request. HTTP 500 is for a server failure despite correct request.

On 13 Aug 2020, at 12:51 AM, Ronald Tse notifications@github.com wrote:

Thanks for the report!

I think icao-per-Arab-Latn-9303 should not even work.

Return HTTP 500 if nothing is wrong with request

Did you mean something else?

Agree with all the rest.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

ronaldtse commented 4 years ago

Oh! Thanks for the clarification... Now I realize you meant "Return HTTP 500 if the request is correct but led to a server error" :wink:

ronaldtse commented 3 years ago

@phuonghuynh can you check if this is still present? If not we should close this.

webdev778 commented 1 year ago

Still present:

https://github.com/interscript/interscript-api/blob/main/lib/interscript-api/lambda_function.rb#L40

interscript / interscript-api

HTTP 400 #11