apache/apisix

request help: the format of response body that returned by plugin should match Content-Type

Open

#8.511 aberto em 13 de dez. de 2022

Ver no GitHub
 (10 comments) (1 reaction) (1 assignee)Lua (2.860 forks)batch import
good first issue

Métricas do repositório

Stars
 (16.597 stars)
Métricas de merge de PR
 (Mesclagem média 6d 8h) (109 fundiu PRs em 30d)

Description

Step 1 Create a route with consumer restriction

curl --location --request PUT ".../apisix/admin/routes/content-type" \
--header "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
--header "Content-Type: application/json" \
--data-raw "{
    \"methods\": [
        \"GET\"
    ],
    \"plugins\": {
        \"consumer-restriction\": {
            \"whitelist\": [
                \"nobody\"
            ]
        }
    },
    \"uri\": \"/content-type/get\"
}"

Step 2 Try to consume the route without being identified to raise an error I said i want application/json response :

curl --location --request GET ".../content-type/get" \
--header "Accept: application/json"

Response is :

# http code
401
# body 
{"message":"Missing authentication or identity verification."}
# In headers : 
Content-Type:  text/plain; charset=utf-8

The Content-Type header should be : application/json as it is in fact a Json in response.

This issue is not on "consumer-restriction"plugin only, it also happen for the key-auth plugin when you provide a wrong key, and i guess it is a .general plugin error behavior. I think it should exist a general common way to respond error from plugin to allow manage right content-type depending the response format. For example in case of a request like :

curl --location --request GET "..../content-type/get" \
--header "Accept: application/xml"

i expect a response like

# body 
<message>Missing authentication or identity verification.</message>
# In headers : 
Content-Type:  application/xml; charset=utf-8

In case of unknow accept or not managed, here we go for text/plain :

--header "Accept: */*"

Response should be something like :

# body 
Missing authentication or identity verification.
# In headers : 
Content-Type:  text/plain; charset=utf-8

Originally posted by @MekelCon in https://github.com/apache/apisix/discussions/8504#discussioncomment-4386548

Guia do colaborador