response codes are not validated #36

Open
XSven opened this issue Mar 18, 2022 · 2 comments

Comments

@XSven

XSven commented Mar 18, 2022

I have a Jenkins OpenAPI specification. I am sending a "Disable a job" request

  '/job/{name}/disable':
    post:
      description: Disable a job
      operationId: postJobDisable
      parameters:
        - $ref: '#/components/parameters/jobName'
        - $ref: '#/components/parameters/crumb'
      responses:
        '200':
          description: Successfully disabled the job
        '401':
          $ref: '#/components/responses/unauthorized'
        '403':
          $ref: '#/components/responses/forbidden'
        '404':
          $ref: '#/components/responses/jobNotFound'
      security:
        - jenkins_auth: []
      tags:
        - remoteAccess

using the OpenAPI::Client (version 1.0.3) implementation. Although the Jenkins response code is 302, which is not one of the specified response codes (200, 401, 403, 404), the client does not complain (die) or at least warn the user.

@XSven XSven changed the title from "response codes are not validate" to "response codes are not validated" Mar 18, 2022
@jhthorsen
Owner

The client doesn't validate the response. It only validates the request. I'm expecting the server to not send "junk" back... Maybe we could add a "strict" attribute or something that will also validate the response code, but I'm not sure when I'll get around to looking at that.

@XSven
Author

XSven commented Mar 19, 2022

The server did not send junk!

The fact that I have missed is that Mojo::UserAgent does not follow redirection requests automatically. I have turned it on

$client->ua->max_redirects( 1 );

and started another attempt. Now the status was 404. But the Jenkins job was properly disabled. So why 404 instead of 200?

Now I have read this HTTP 302 article and stumbled over this sentence:

Many web browsers implemented this code in a manner that violated this standard, changing the request type of the new request to GET, regardless of the type employed in the original request (e.g. POST)

I have debugged Mojo::UserAgent using the environment variable MOJO_CLIENT_DEBUG and strike: although the Jenkins disable job request was a POST request, Mojo::UserAgent uses GET for the redirection attempt. If the Wiki article is right, Mojo::UserAgent violates the 302 redirection standard.
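
The stricter behaviour discussed in this thread, as an added example that is not part of the issue and is not OpenAPI::Client code: a stand-alone Perl check of a status code against an operation's declared `responses` keys, using the OpenAPI 3 lookup order (exact code, range key, `default`). The helper names `declared_response` and `assert_declared` are hypothetical, and the hash is constructed from the spec excerpt in the first comment.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed data: the keys of the "responses" object of postJobDisable,
# taken from the spec excerpt quoted in the issue.
my %job_disable = map { $_ => 1 } qw(200 401 403 404);

# Return the key of the "responses" object that documents $status, or undef
# when the status is undocumented. Lookup order follows OpenAPI 3:
# exact code first, then the range key (e.g. "3XX"), then "default".
sub declared_response {
    my ($responses, $status) = @_;
    return undef unless defined $status && $status =~ /\A[1-5][0-9]{2}\z/;
    my $range = substr($status, 0, 1) . 'XX';
    for my $key ($status, $range, 'default') {
        return $key if exists $responses->{$key};
    }
    return undef;
}

# Hypothetical "strict" check: die on an undocumented status instead of
# handing the response to the caller as if it were expected.
sub assert_declared {
    my ($operation_id, $responses, $status) = @_;
    my $key = declared_response($responses, $status);
    die sprintf("%s: status %s is not declared (declared: %s)\n",
        $operation_id, $status // 'undef', join ', ', sort keys %$responses)
        unless defined $key;
    return $key;
}

# 200 and 404 are documented; the 302 from the issue is rejected.
for my $status (200, 404, 302) {
    my $key = eval { assert_declared('postJobDisable', \%job_disable, $status) };
    print defined $key ? "$status matches '$key'\n" : "rejected: $@";
}

# A spec that documents redirects with a range key accepts the same 302.
my %with_redirect = (%job_disable, '3XX' => 1);
print "302 matches '",
    assert_declared('postJobDisable', \%with_redirect, 302), "'\n";
```

A check like this only confirms that the status is documented; as the last comment shows, a documented 404 after a followed redirect can still misreport an operation that succeeded.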
