New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
determine_format: handle malformed HTTP Accept values #519
determine_format: handle malformed HTTP Accept values #519
Conversation
You can test the current behaviour trivially:
From what I've been able to tell, the primary source of this is a web spider run by Sogou, the Chinese search engine, with this user-agent:
|
What is the accept header that they're using? |
I didn't have that value logged before this morning so all I know is that it didn't have a |
Mostly I ask because I think that there's a difference between the "right" technical thing, and the "right" user-facing behavior. Returning json for "application/xlm" is different than returning json for "". I'm not sure that a 500 is incorrect really. |
I was thinking about that earlier this afternoon - arguably the best response would be a 400 since it's only possible to get this by sending an incorrectly formed request. |
Yup, you're right, this isn't arguable, something in the 4xx series is definitely correct. User Screwed Up. |
Excellent - I'll be sure to return exactly that message ;) |
I've pushed out some changes which now return an HTTP 400. This also appears to fix another potential problem in the |
LGTM thanks. I'll grab this next time I get a chance to run a couple commits. |
Sorry for the delay on this one. Any chance you could update it to work post-SHA: 3ee47fb please? Otherwise looks good to merge to me. |
Ah, I'd forgotten about this one. I'll rebase my branch against the current master |
I just rebased it, updated for some subsequent API changes in Resource, and split the test into two tests (one for resource lists, the other for the resource itself). At this point the tests pass for me. cd631ae is an unrelated compulsive moment but I got tired of excluding the one flake8 error in mime.py |
@issackelly Is there anything I can do to help get this merged in? I'd like to make the next release if possible so I can stop deploying a fork. |
I hate to be that guy, but there really ought to be a test in https://github.com/toastdriven/django-tastypie/blob/master/tests/core/tests/utils.py#L17 to assert what happens when a bad format is passed. Then I'd be all for shipping it. |
Good point - the implicit checks at the view level aren't as focused. Chris On Friday, February 15, 2013 at 2:45 PM, Daniel Lindsley wrote:
|
Some clients cause tastypie to return a 500 error because they send a request with an HTTP Accept header which contains an invalid MIME type (e.g. any value without a "/" other than "*", which mimeparse handles). determine_format() now raises BadRequest any time mimeparse fails. Resources now handle this by returning HTTP 400 immediately rather than the normal error response
I've updated the branch with a low-level test to confirm directly that determine_format raises a BadRequest |
Altered ``determine_format`` to handle malformed HTTP Accept values.
Some clients cause tastypie to return a 500 error because they send a request
with an HTTP Accept header which contains an invalid MIME type (e.g. any
value without a "/" other than "*", which mimeparse handles).
This patch simply causes tastypie to catch the ValueError and fail down to
the default format