Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conjur returns 500 error on empty request body #1968

Closed
1 of 3 tasks
telday opened this issue Dec 7, 2020 · 4 comments · Fixed by #1981
Closed
1 of 3 tasks

Conjur returns 500 error on empty request body #1968

telday opened this issue Dec 7, 2020 · 4 comments · Fixed by #1981
Assignees
@telday
Labels
component/conjur kind/bug

Comments

@telday
Copy link
Contributor

telday commented Dec 7, 2020

Summary

When a request is made to Conjur with an empty body but the header Content-Type: application/json the server will attempt to parse the request body and throw an uncaught error because it is invalid JSON.

Steps to Reproduce

This is known to happen on the /host_factory_tokens endpoint using the DELETE method

  1. Create a request with an empty body and the Content-Type: application/json header
  2. Send the request to the server

Expected Results

The server should handle the error nicely and return a 400 to the user.

Actual Results (including error logs, if applicable)

A 500 error (and an HTML page) is returned

Reproducible

  • Always
  • Sometimes
  • Non-Reproducible

Environment setup

Running in a docker-compose environment from the cyberark/conjur:1.9 image.
@telday telday changed the title Conjur returns 500 error on empty to parse request body Conjur returns 500 error on empty request body Dec 7, 2020
@telday telday mentioned this issue Dec 7, 2020
Closed
@telday telday self-assigned this Dec 17, 2020
@telday telday mentioned this issue Dec 17, 2020
Merged
6 tasks
@boazmichaely
Copy link

@alexkalish is this a breaking change ?

@alexkalish
Copy link
Contributor

@boazmichaely: Not sure. I'll dive in later this week when I start the release notes.

@alexkalish
Copy link
Contributor

@telday: Do you know if the CLI or any of the official API clients send this content type with empty request bodies?

@telday
Copy link
Contributor Author

telday commented Apr 5, 2021

@alexkalish To my knowledge neither the Ruby or Go clients create requests like this (also haven't seen it in the Ruby CLI). The reason I came across it was because the generated clients often do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@telday telday

Labels
component/conjur kind/bug
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Body parser now raises proper error on invalid request body cyberark/conjur
3 participants
@alexkalish @telday @boazmichaely