Custom status code when jwt validation fails - jwt

I was wondering if there is a way to specify a custom status code to be returned when the jwt validation fails in envoy.filters.http.jwt_authn. Normally this returns a 401 status code but I would like to change it to a custom status code like 443.
I would like to do this because I need a way to somehow, in my client, differentiate between the 401 that envoy could return and the 401 that the server behind envoy may return. I hope I made myself clear.

Local reply modification can modify the responses generated by Envoy itself.
Please try that configuration and see if it meets your requirement.
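A sketch of the local reply modification the answer refers to, as an added example that is not part of the original answer or of Envoy's own documentation. It is a fragment of an HttpConnectionManager config; `stat_prefix`, the runtime key name and the `x-rejected-by` header are assumed names, and 443 is the status code from the question.

```yaml
# Added example: fragment of a listener's filter chain.
# route_config and the existing http_filters (jwt_authn, router) are omitted
# and stay as they are in your current configuration.
- name: envoy.filters.network.http_connection_manager
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
    stat_prefix: ingress_http                      # assumed name
    local_reply_config:
      mappers:
      # Mappers are evaluated only for local replies, i.e. responses that
      # Envoy generates itself. A 401 sent by the upstream server is proxied
      # through unchanged, so the client can tell the two apart.
      - filter:
          status_code_filter:
            comparison:
              op: EQ
              value:
                default_value: 401                 # status jwt_authn returns on failure
                runtime_key: local_reply.jwt_401   # assumed runtime key name
        status_code: 443                           # custom code from the question
        headers_to_add:
        - header:
            key: x-rejected-by                     # hypothetical marker header
            value: envoy
```

The filter matches every 401 that Envoy generates locally, not only those from `jwt_authn`, so if other filters in the chain can also reject with 401 the client should read 443 as "rejected at the proxy" rather than specifically "JWT invalid".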

Related

What's the suggested/appropriate (if any) REST API status code for an external operation that doesn't complete successfully?

Part of my REST API calls an external service. This service could, of course, fail for any reason. What's the suggested code that my API should return to the client?
500 Internal Server Error seems inappropriate: why would I return 500 for something that is not "my fault"?
In this specific case:
The user tries to place an order
If order is invalid, 400 would be returned
If order is valid, the order is sent to the external API (which may fail)
The appropriate status code should be returned to the client
From this post (HTTP status code for temporarily unavailable pages) it seems like in this situation 503 Service Unavailable is the most appropriate which I myself would also do in this situation.

How to mock HTTP Error response with Charles?

Is it possible to intercept the request going through Charles and immediately return 500 error code without sending this request to the server?
Can't find any information on this. All resources suggest to wait for the response and then change HTTP response code to 500.
I assume you have already tried adding a rewrite rule to make the request to be returned with the 500 status. Have you tried combining this with a map local, to an empty file on your disk, for instance? It may work.
If this doesn't work either, I think I would do a Map Remote to another path on my localhost (for instance: http://localhost:8081/exected-response-500) and make that URL return the 500 status error (in my case I would use a basic Spring Boot app to achieve this).

Disable REST URI calls

I am developing a project which can disable a particular REST URI at runtime so that consumers will get an error. I have created interface/controller for disabling a URI. But I can not figure out how to disable it.
I thought of setting disable flag for the URI and sending blank data, but consumer needs to see an error.
I cannot use Response everywhere.
Need help.
Implement a ContainerRequestFilter (more on filters), which, when a specific criterion is met, will call:
ContainerRequestContext.abortWith(javax.ws.rs.core.Response)
with a proper HTTP status code.

RESTful status code for a request that cannot be satisfied because of a dependency issue

My payment endpoint which accepts a POST should deny requests when the user does not have any payment methods configured. What is the correct HTTP status code in this case?
What is the correct HTTP status code to be raised when the system itself cannot reach the state asked for by the request and another request (creating a payment method) must be completed first?
I looked at 428 Precondition Required, but that seems to have more to do with the headers than the state of the system.
I would go simply with 400 Bad Request. If you need more specific instructions or hints in the response, you can return a body, which will indicate the exact nature of the error.
You don't need to assign a specific HTTP error code to all your internal business-related error cases. Indeed this is probably not possible anyway.
The specification on 400: https://www.rfc-editor.org/rfc/rfc7231#section-6.5.1
Relevant quotes from there:
indicates that the server cannot or will not process the request due to something that is perceived to be a client error
And about the 4xx codes in general:
the server SHOULD send a representation containing an explanation of the error situation, and whether it is a temporary or permanent condition
Did you look into error 424 Failed_Dependency? I think this could be the one you want.
See
http://www.restpatterns.org/HTTP_Status_Codes/424_-_Failed_Dependency

XHR and Access-Control-Allow-Origin

One of the methods that I am testing sends an XMLHttpRequest to "http://localhost:4848/qrs/extension/schema?xrfkey=asdfasdfdf". I am getting an error which looks like this -
XMLHttpRequest cannot load http://localhost:4848/qrs/extension/schema?xrfkey=asdfasdfdf. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9875' is therefore not allowed access. The response had HTTP status code 404.
Now I understand that tests are served on "localhost:9876", and trying to access localhost:4848 is actually violating cross domain policy. I have seen the karma proxy settings and tried -
proxies: {
'/qrs': 'http://localhost:4848/qrs'
}
But doing this actually serves my content from "http://localhost:9876/qrs/extension/schema?xrfkey=asdfasdfdf". But this way my client code will not work. Because client code directly sends XHR request to "http://localhost:4848/qrs/.....", but NOT to "http://localhost:9876/qrs/.....".
Any suggestion how can I solve this?
Also, wouldn't it be better to have an option to set different headers in the config file? At least we know that we are talking about tests here (I mean not in production).
Thanks in advance.