Section
The server's responses; specifically, the bodies.
Problem
Many requests -- see specifically unauthorized requests and nonexistent URLs -- return HTML responses instead of JSON like everything else. For example, hitting an endpoint that requires authorization without it gives:
<!doctype html><html lang="en"><head><title>HTTP Status 403 – Forbidden</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1></body></html>
That should probably return something more like:
{"error":"Authorization insufficient to hit endpoint","fix":"Authenticate as a user allowed to access this endpoint."}
Solution
I'm fairly sure this can be done with a custom AuthenticationEntryPoint, but this needs to be investigated.
Additional notes
While fixing this, maybe also fix the issue where 401s are reported as 403s?
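One way to do what the issue proposes, as an added example that is not the project's code: a single handler that acts as both the `AuthenticationEntryPoint` (unauthenticated, 401) and the `AccessDeniedHandler` (authenticated but not permitted, 403) and writes a fixed JSON body. It assumes Spring Security 6 with `jakarta.servlet`; the class name `JsonSecurityErrorHandler` and the 401 message text are made up for illustration.

```java
// Added example. Assumes Spring Security 6 (jakarta.servlet);
// on Spring Security 5 the servlet types live under javax.servlet instead.
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

// Hypothetical class name; one instance is registered for both roles.
public class JsonSecurityErrorHandler implements AuthenticationEntryPoint, AccessDeniedHandler {

    // Called when the request carries no valid authentication: answer 401.
    // A 401 should also carry a WWW-Authenticate header; its scheme depends
    // on how the application authenticates, so it is not set here.
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException ex) throws IOException {
        write(response, HttpServletResponse.SC_UNAUTHORIZED,
              "Authentication required to hit endpoint",      // constructed message
              "Authenticate before calling this endpoint.");  // constructed message
    }

    // Called when the caller is authenticated but lacks permission: answer 403.
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException {
        write(response, HttpServletResponse.SC_FORBIDDEN,
              "Authorization insufficient to hit endpoint",
              "Authenticate as a user allowed to access this endpoint.");
    }

    // Only fixed strings are written: the exception message is never echoed,
    // so no internal detail leaks and no JSON escaping is needed.
    private static void write(HttpServletResponse response, int status,
                              String error, String fix) throws IOException {
        if (response.isCommitted()) {
            return; // headers already sent, the status can no longer change
        }
        response.setStatus(status);
        response.setContentType("application/json");
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.getWriter().write("{\"error\":\"" + error + "\",\"fix\":\"" + fix + "\"}");
    }
}
```

Register it with `http.exceptionHandling(e -> e.authenticationEntryPoint(handler).accessDeniedHandler(handler))`. A 404 for a nonexistent URL is not produced by Spring Security, so this class does not change its body.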