You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I accidentally set Error Data / API Key Missing to a string that wasn't valid YAML. This seems to have thrown an caught error somewhere, because our entire API went down until I fixed the markup. I would expect the admin interface to refuse any invalid markup to protect careless people like me from themselves.
The text was updated successfully, but these errors were encountered:
GUI
added a commit
to NREL/api-umbrella-gatekeeper
that referenced
this issue
Jun 15, 2015
Related to it being possible to enter invalid error data (but valid
YAML) via the web UI: NREL/api-umbrella#153
In these cases, we will now return the default internal server error,
which at least prevents bad error responses without an HTTP status code
at all, which could really throw some clients for a tizzy.
GUI
added a commit
to NREL/api-umbrella-web
that referenced
this issue
Jun 15, 2015
Thanks for reporting this and your help tracking it down. As we discussed, the issue was caused if you entered something like foo (without any key value pairs) into the error data YAML field. While we were already validating that the input was valid YAML, we had missed validating whether the parsed YAML was of the expected type (the top-level object must be hash in this case). When an unexpected type, like a top-level string, got entered what happened was that it override the default error variables, which meant when that specific error was being rendered, lot's of weird things may have happened, like the error response being without an HTTP status code (however, the bug should have only impacted the specific error responses and not the overall API).
I was pushing some other updates live, so I went ahead and added some fixes for this:
https://github.com/NREL/api-umbrella-gatekeeper/pull/18/files ensures that even if invalid, unexpected configuration gets into place our proxy will handle it a little more gracefully (a 500 internal server error will be returned and an error will be logged, rather than the odd http status codeless responses).
I accidentally set Error Data / API Key Missing to a string that wasn't valid YAML. This seems to have thrown an caught error somewhere, because our entire API went down until I fixed the markup. I would expect the admin interface to refuse any invalid markup to protect careless people like me from themselves.
The text was updated successfully, but these errors were encountered: