Skip to content

Fix API returning HTML error pages when user sends invalid JSON #11945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

Fix API returning HTML error pages when user sends invalid JSON #11945

wants to merge 3 commits into from
+77 −40

Conversation

@poikilotherm
Copy link
Contributor

@poikilotherm poikilotherm commented Oct 31, 2025
edited
Loading

What this PR does / why we need it:

Ensure any JSON parsing errors do not result in HTML error pages.

Which issue(s) this PR closes:

Special notes for your reviewer:

  1. Let me know if GSON, Jackson etc should be added to the list of implementations.
  2. Let me know if there should be a line in the API changelog about this. It affects a lot of API endpoints.

Suggestions on how to test this:
I added an API test with one of the affected endpoints. Just execute the test before applying the patches and after.

I also wanted to fix the catchall error handler I tried to implement some time ago. For that, I had to modify the logging in the JsonResponseBuilder. The situation where sending invalid JSON to the endpoints results in a HTML response was not reproducible for me. Please test again!

Here's how a response looks like when not applying the JSON error handler, but with the fix for the logging:

$ http POST http://localhost:8080/api/admin/bannerMessage --raw="{test}"
HTTP/1.1 500 Internal Server Error
Connection: close
Content-Length: 284
Content-Type: application/json;charset=UTF-8
Server: Payara Server 6.2025.3 #badassfish
X-Frame-Options: SAMEORIGIN
X-Powered-By: Servlet/6.0 JSP/3.1 (Payara Server 6.2025.3 #badassfish Java/Eclipse Adoptium/17)

{
    "code": 500,
    "incidentId": "5cbfad8c-4a7a-4faf-8470-42c684da9721",
    "interalError": "JsonParsingException",
    "message": "Internal server error. More details available at the server logs.",
    "requestMethod": "POST",
    "requestUrl": "http://localhost:8080/api/v1/admin/bannerMessage",
    "status": "ERROR"
}

With the JSON error handler, this is now an error 400 (as it should be), but in case other exceptions bubble up...

An example to test this with the JSON handler in place:

$ http PUT http://localhost:8080/api/admin/settings/test --raw="test"
HTTP/1.1 500 Internal Server Error
Connection: close
Content-Length: 319
Content-Type: application/json;charset=UTF-8
Server: Payara Server 6.2025.3 #badassfish
X-Frame-Options: SAMEORIGIN
X-Powered-By: Servlet/6.0 JSP/3.1 (Payara Server 6.2025.3 #badassfish Java/Eclipse Adoptium/17)

{
    "code": 500,
    "incidentId": "206716ef-f1de-4b5e-9e48-e7ed100f8e4f",
    "interalError": "RollbackException",
    "internalCause": "PersistenceException",
    "message": "Internal server error. More details available at the server logs.",
    "requestMethod": "PUT",
    "requestUrl": "http://localhost:8080/api/v1/admin/settings/test",
    "status": "ERROR"
}

As a curl command, this would be: curl -X PUT -d "test" http://localhost:8080/api/admin/settings/test
Watch the server log! 😄 (BTW I tested this with the Dockerized Dev Instance using mvn -Pct package docker:run)

Does this PR introduce a user interface change? If mockups are available, please link/include them here:
Not within the UI, but of course the API "user interface".

Is there a release notes update needed for this change?:
Maybe?

Additional documentation:
None?

@github-actions github-actions bot added the Type: Bug a defect label Oct 31, 2025
@poikilotherm poikilotherm changed the title 11717 fix api errors Fix API returning HTML error pages when user sends invalid JSON Oct 31, 2025
@coveralls
Copy link

coveralls commented Oct 31, 2025
edited
Loading

Coverage Status

coverage: 23.778%. remained the same
when pulling f0e2408 on 11717-fix-api-errors
into 53bff4c on develop.

@github-actions

This comment has been minimized.

Sign in to view
@poikilotherm poikilotherm added the Size: 3 A percentage of a sprint. 2.1 hours. label Oct 31, 2025
@poikilotherm poikilotherm added this to the 6.9 milestone Oct 31, 2025
@poikilotherm poikilotherm moved this to SPRINT READY in IQSS Dataverse Project Oct 31, 2025
@github-actions

This comment has been minimized.

Sign in to view
@pdurbin pdurbin moved this from SPRINT READY to Ready for Triage in IQSS Dataverse Project Nov 3, 2025
@scolapasta scolapasta moved this from Ready for Triage to Ready for Review ⏩ in IQSS Dataverse Project Nov 12, 2025
@cmbz cmbz added the FY26 Sprint 10 FY26 Sprint 10 (2025-11-05 - 2025-11-19) label Nov 20, 2025
@stevenwinship
Copy link
Contributor

stevenwinship commented Nov 21, 2025

@poikilotherm Please resolve conflicts

@cmbz cmbz added the FY26 Sprint 11 FY26 Sprint 11 (2025-11-20 - 2025-12-03) label Nov 22, 2025
@pdurbin pdurbin added the Status: Merge Conflicts Merge conflicts must be resolved. label Nov 24, 2025
@pdurbin pdurbin moved this from Ready for Review ⏩ to In Progress 💻 in IQSS Dataverse Project Nov 24, 2025
@pdurbin pdurbin modified the milestones: 6.9, 6.10 Nov 25, 2025
@pdurbin
Copy link
Member

pdurbin commented Nov 25, 2025

@poikilotherm I bumped this to 6.10. Also, please resolve merge conflicts. Thanks!

@poikilotherm
refactor(api): unify JSON exception handling with abstract handler #1…
f1bbbd2 
…1717

- Replaced `JsonParseExceptionHandler` with `JsonExceptionsHandler` to streamline exception handling
- Added mappers for `JsonParsingException` and `DvUtilJsonParseException`
@poikilotherm
test(api): add test case for invalid JSON in user creation API #11717
5e793d0 
- Ensured API returns `BAD_REQUEST` for malformed JSON input with appropriate error message validation
- Makes sure invalid JSON is not resulting in a HTML error page
@poikilotherm
fix(api): ensure JsonObjectBuilder consistency during logging and res…
b919120 
…ponse creation #11717

- Cloned JsonObjectBuilder to prevent unintended mutation
- Simplified metadata construction logic in logging
- This should allow us to no longer have HTML Error 500 pages, but a nicer JSON response.
@poikilotherm
Copy link
Contributor Author

poikilotherm commented Nov 28, 2025

@pdurbin I made a rebase and force pushed. There were ~300 commits missing, to this is the cleaner fix, avoiding any merge conflicts.

@github-actions
Copy link

github-actions bot commented Nov 28, 2025

📦 Pushed preview images as

ghcr.io/gdcc/dataverse:11717-fix-api-errors

ghcr.io/gdcc/configbaker:11717-fix-api-errors

🚢 See on GHCR. Use by referencing with full name as printed above, mind the registry name.

@poikilotherm poikilotherm mentioned this pull request Nov 28, 2025
Closed
@pdurbin pdurbin removed the Status: Merge Conflicts Merge conflicts must be resolved. label Dec 1, 2025
@pdurbin pdurbin moved this from In Progress 💻 to Ready for Review ⏩ in IQSS Dataverse Project Dec 1, 2025
@cmbz cmbz added the FY26 Sprint 12 FY26 Sprint 12 (2025-12-03 - 2025-12-17) label Dec 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pdurbin pdurbin Awaiting requested review from pdurbin

@ofahimIQSS ofahimIQSS Awaiting requested review from ofahimIQSS

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

FY26 Sprint 10 FY26 Sprint 10 (2025-11-05 - 2025-11-19) FY26 Sprint 11 FY26 Sprint 11 (2025-11-20 - 2025-12-03) FY26 Sprint 12 FY26 Sprint 12 (2025-12-03 - 2025-12-17) Size: 3 A percentage of a sprint. 2.1 hours. Type: Bug a defect

Projects

IQSS Dataverse Project
Status: Ready for Review ⏩

Milestone

6.10

Development

Successfully merging this pull request may close these issues.

Malformed JSON input to multiple API endpoints returns HTTP 500 HTML instead of HTTP 400 JSON error

6 participants

@poikilotherm @coveralls @stevenwinship @pdurbin @cmbz