Wrong HTTP code response from API #160

Closed
opened 2025-11-02 03:11:25 -06:00 by GiteaMirror · 7 comments
Owner

Originally created by @joubertredrat on GitHub (Dec 26, 2016).

  • Gitea version (or commit ref):
  • Git version:
  • Operating system:
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

Hi guys, I'm testing API calls and I found one error, as example below

GET v1/user/repos Get username repositories. But If I try with other method, the HTTP response is 415 or 404 as below:

curl -v --request POST --url https://try.gitea.io/api/v1/user/repos --header 'authorization: token my-awesome-hidden-token'

> POST /api/v1/user/repos HTTP/1.1
> User-Agent: curl/7.35.0
> Host: try.gitea.io
> Accept: */*
> authorization: token my-awesome-hidden-token
> 
< HTTP/1.1 415 Unsupported Media Type
< Content-Length: 70
< Content-Type: application/json; charset=utf-8
< Date: Mon, 26 Dec 2016 18:53:53 GMT
< Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
< Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly
< Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:53:53 GMT; HttpOnly
< X-Frame-Options: SAMEORIGIN

curl -v --request PUT --url https://try.gitea.io/api/v1/user/repos --header 'authorization: token my-awesome-hidden-token'

> PUT /api/v1/user/repos HTTP/1.1
> User-Agent: curl/7.35.0
> Host: try.gitea.io
> Accept: */*
> authorization: token my-awesome-hidden-token
> 
< HTTP/1.1 404 Not Found
< Content-Length: 0
< Content-Type: text/plain; charset=utf-8
< Date: Mon, 26 Dec 2016 18:58:55 GMT
< Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
< Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly
< Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:58:55 GMT; HttpOnly
< X-Frame-Options: SAMEORIGIN

The correct HTTP response in this case is 405 Method not allowed, as describle here, https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.6

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/40407086-wrong-http-code-response-from-api?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github).
Originally created by @joubertredrat on GitHub (Dec 26, 2016). - Gitea version (or commit ref): - Git version: - Operating system: - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [x] Yes (provide example URL) - [ ] No - [ ] Not relevant - Log gist: ## Description Hi guys, I'm testing API calls and I found one error, as example below `GET v1/user/repos` Get username repositories. But If I try with other method, the HTTP response is `415` or `404` as below: ```bash curl -v --request POST --url https://try.gitea.io/api/v1/user/repos --header 'authorization: token my-awesome-hidden-token' > POST /api/v1/user/repos HTTP/1.1 > User-Agent: curl/7.35.0 > Host: try.gitea.io > Accept: */* > authorization: token my-awesome-hidden-token > < HTTP/1.1 415 Unsupported Media Type < Content-Length: 70 < Content-Type: application/json; charset=utf-8 < Date: Mon, 26 Dec 2016 18:53:53 GMT < Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647 < Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly < Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:53:53 GMT; HttpOnly < X-Frame-Options: SAMEORIGIN curl -v --request PUT --url https://try.gitea.io/api/v1/user/repos --header 'authorization: token my-awesome-hidden-token' > PUT /api/v1/user/repos HTTP/1.1 > User-Agent: curl/7.35.0 > Host: try.gitea.io > Accept: */* > authorization: token my-awesome-hidden-token > < HTTP/1.1 404 Not Found < Content-Length: 0 < Content-Type: text/plain; charset=utf-8 < Date: Mon, 26 Dec 2016 18:58:55 GMT < Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647 < Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly < Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:58:55 GMT; HttpOnly < X-Frame-Options: SAMEORIGIN ``` The correct HTTP response in this case is `405 Method not allowed`, as describle here, https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.6 <bountysource-plugin> --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/40407086-wrong-http-code-response-from-api?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github). </bountysource-plugin>
GiteaMirror added the type/enhancementtype/upstreammodifies/api labels 2025-11-02 03:11:25 -06:00
Author
Owner

@tboerger commented on GitHub (Dec 26, 2016):

I don't think that we will define routes for all situations, so if there is no route defined a 404 response should be fine

@tboerger commented on GitHub (Dec 26, 2016): I don't think that we will define routes for all situations, so if there is no route defined a 404 response should be fine
Author
Owner

@joubertredrat commented on GitHub (Dec 27, 2016):

@tboerger yes, for now is working, but we need to consider to fix this on future because is a bug about API design.

Look how my API response this.

{"code":405,"message":"Method Not Allowed"}
@joubertredrat commented on GitHub (Dec 27, 2016): @tboerger yes, for now is working, but we need to consider to fix this on future because is a bug about API design. Look how my API response this. ```json {"code":405,"message":"Method Not Allowed"} ```
Author
Owner

@bkcsoft commented on GitHub (Dec 29, 2016):

IMO we should just return

< HTTP/1.1 405 Method Not Allowed
< Content-Length: 70
< Content-Type: application/json; charset=utf-8
< Date: Mon, 26 Dec 2016 18:53:53 GMT
< Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
< Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly
< Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:53:53 GMT; HttpOnly
< X-Frame-Options: SAMEORIGIN

Method Not Allowed

No need for json there :)

@bkcsoft commented on GitHub (Dec 29, 2016): IMO we should just return ``` < HTTP/1.1 405 Method Not Allowed < Content-Length: 70 < Content-Type: application/json; charset=utf-8 < Date: Mon, 26 Dec 2016 18:53:53 GMT < Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647 < Set-Cookie: i_like_gitea=my-hidden-cookie; Path=/; HttpOnly < Set-Cookie: _csrf=hidden-too; Path=/; Expires=Tue, 27 Dec 2016 18:53:53 GMT; HttpOnly < X-Frame-Options: SAMEORIGIN Method Not Allowed ``` No need for json there :)
Author
Owner

@lunny commented on GitHub (Jan 25, 2017):

Any PR for this issue?

@lunny commented on GitHub (Jan 25, 2017): Any PR for this issue?
Author
Owner

@bkcsoft commented on GitHub (Feb 12, 2017):

@lunny issue is in macaron, not Gitea 🙁 And I think that most routers have this issue...

@bkcsoft commented on GitHub (Feb 12, 2017): @lunny issue is in macaron, not Gitea 🙁 And I think that most routers have this issue...
Author
Owner

@lunny commented on GitHub (Feb 12, 2017):

So we need to submit an issue to macaron?

@lunny commented on GitHub (Feb 12, 2017): So we need to submit an issue to macaron?
Author
Owner

@bkcsoft commented on GitHub (Feb 12, 2017):

Yes

@bkcsoft commented on GitHub (Feb 12, 2017): Yes
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#160