Description
When sending malformed JSON (missing the opening {) to API endpoints that accept JsonObject parameters, several endpoints returned HTTP 500 Internal Server Error with an HTML response instead of HTTP 400 Bad Request with a JSON error message.
Test Results
| Endpoint | HTTP Status Returned |
|---|---|
| /api/admin/bannerMessage | 100 |
| /api/admin/savedsearches | 100 |
| /api/admin/workflows | 100 |
| /api/admin/groups/ip | 500 |
| /api/admin/settings | 100 |
| /api/admin/authenticatedUsers | 100 |
| /api/admin/signedUrl | 100 |
| /api/admin/groups/ip | 100 |
| /api/admin/groups/ip/testgroup | 100 |
| /api/admin/groups/shib | 100 |
| /api/admin/storageSites | 500 |
| /api/admin/groups/domain | 100 |
| /api/admin/groups/domain/testalias | 100 |
| /api/admin/feedback | 100 |
| /api/datasets/1/checksumValidationResults | 100 |
| /api/datasets/1/tags/123 | 100 |
| /api/admin/storageSites | 100 |
Expected Result
For malformed JSON input, all endpoints should return:
```
HTTP/1.1 400 Bad Request
Content-Type: application/json

{ "status": "ERROR", "message": "Invalid JSON" }
```
Actual Result
- Many endpoints returned `500 Internal Server Error` with HTML error pages.
- Some endpoints returned unexpected codes (e.g., `100 Continue` with no follow-up).
Steps to Reproduce
- Create a malformed JSON file:
```bash
cat > /tmp/bad.json <<EOF
"foo": "bar"
}
EOF
```
- Send to an endpoint, for example:
```bash
curl -X POST "http://localhost:8080/api/admin/bannerMessage" \
  -H "Content-type: application/json" \
  -H "X-Dataverse-key: <ADMIN_API_KEY>" \
  --upload-file /tmp/bad.json -v
```
- Observe the HTTP status and response format.
Affected Endpoints (from initial tests)
- See table above; more endpoints may be affected based on Phil's list.
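
An added example, not part of the original report or of the Dataverse code base: a checker that compares a captured response against the Expected Result above. It assumes the capture is raw HTTP/1.1 response text (status line, headers, blank line, body), treats `1xx` responses as interim and evaluates the final response, and uses constructed sample captures; the function names are hypothetical.

```python
import json

def parse_final_response(raw):
    """Return (status, headers, body) of the final response in a raw HTTP/1.1
    capture, skipping interim 1xx responses such as 100 Continue."""
    rest = raw.replace("\r\n", "\n")
    while True:
        head, _, rest = rest.partition("\n\n")
        lines = head.strip().split("\n")
        parts = lines[0].split(" ", 2)
        if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
            return None, {}, ""            # capture ended without a final response
        status = int(parts[1])
        if 100 <= status < 200:
            continue                        # interim response: keep reading
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        return status, headers, rest

def check_malformed_json_response(raw):
    """Return a list of problems; an empty list means the response matches
    the expected result (400, application/json, "status": "ERROR")."""
    status, headers, body = parse_final_response(raw)
    if status is None:
        return ["no final response in capture"]
    problems = []
    if status != 400:
        problems.append(f"status {status}, expected 400")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        problems.append(f"content-type {ctype or 'missing'}, expected application/json")
    try:
        payload = json.loads(body)
    except ValueError:
        problems.append("body is not JSON")
    else:
        if not isinstance(payload, dict) or payload.get("status") != "ERROR":
            problems.append('body lacks "status": "ERROR"')
    return problems

# Constructed captures for illustration (not real server output).
GOOD = ('HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 400 Bad Request\r\n'
        'Content-Type: application/json\r\n\r\n'
        '{"status": "ERROR", "message": "Invalid JSON"}')
HTML_500 = ('HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html\r\n\r\n'
            '<html><body>Internal Server Error</body></html>')
ONLY_100 = 'HTTP/1.1 100 Continue\r\n\r\n'
```

A result table built from the status returned by `parse_final_response` separates an endpoint that answered `100 Continue` and then a final status from one that never sent a final response.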