Skip to content

Strict mode error is now 400 instead of 403 #6560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 20, 2025
Merged

Strict mode error is now 400 instead of 403 #6560

merged 2 commits into from
May 20, 2025

Conversation

generall
Copy link
Member

@generall generall commented May 20, 2025
edited by timvisee
Loading

Fixes #6555

@generall generall requested a review from timvisee May 20, 2025 12:04
@coderabbitai coderabbitai

This comment was marked as resolved.

Sign in to view
timvisee
timvisee approved these changes May 20, 2025
View reviewed changes
Copy link
Member

@timvisee timvisee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Motivation for this change:

By returning HTTP 400 on strict mode errors, we can distinguish it from API key errors which uses HTTP 401/403.

@timvisee timvisee changed the title strcit mode error is now 400 instead of 403 Strict mode error is now 400 instead of 403 May 20, 2025
coderabbitai[bot]
coderabbitai bot reviewed May 20, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
tests/openapi/test_strictmode.py (1)

1690-1922: Consider adding explicit status code assertions

While the error message assertions correctly validate the removal of the "Forbidden:" prefix, adding explicit status code checks would ensure the complete validation of the error categorization change from 403 to 400.

Example implementation:

 response = request_with_validation(...)
 assert not response.ok
+assert response.status_code == 400
 assert "Limit exceeded 30 > 15 for \"limit\"" in response.json()['status']['error']

This pattern could be applied to all the error response tests to explicitly validate that the HTTP status code is 400 (Bad Request) rather than 403 (Forbidden).

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6819a15 and 66a09a6.

📒 Files selected for processing (1)
  • tests/openapi/test_strictmode.py (7 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (13)
  • GitHub Check: test-shard-snapshot-api-s3-minio
  • GitHub Check: test-snapshot-operations-s3-minio
  • GitHub Check: test-low-resources
  • GitHub Check: test-consistency
  • GitHub Check: test-consensus-compose
  • GitHub Check: integration-tests
  • GitHub Check: Basic TLS/HTTPS tests
  • GitHub Check: integration-tests-consensus
  • GitHub Check: rust-tests (windows-latest)
  • GitHub Check: rust-tests (ubuntu-latest)
  • GitHub Check: rust-tests (macos-latest)
  • GitHub Check: lint
  • GitHub Check: storage-compat-test
🔇 Additional comments (7)
tests/openapi/test_strictmode.py (7)

1691-1691: LGTM! The error message no longer includes "Forbidden:" prefix.

The assertion has been updated to match the new error message format after the change from 403 Forbidden to 400 Bad Request.

1706-1706: LGTM! The error message no longer includes "Forbidden:" prefix.

The assertion has been updated to match the new error message format after the change from 403 Forbidden to 400 Bad Request.

1736-1736: LGTM! The error message no longer includes "Forbidden:" prefix.

The assertion has been updated to match the new error message format after the change from 403 Forbidden to 400 Bad Request.

1863-1863: LGTM! The error message no longer includes "Forbidden:" prefix.

The assertion has been updated to match the new error message format after the change from 403 Forbidden to 400 Bad Request.

1878-1878: LGTM! The error message no longer includes "Forbidden:" prefix.

The assertion has been updated to match the new error message format after the change from 403 Forbidden to 400 Bad Request.

1907-1907: LGTM! The error message no longer includes "Forbidden:" prefix.

The assertion has been updated to match the new error message format after the change from 403 Forbidden to 400 Bad Request.

1922-1922: LGTM! The error message no longer includes "Forbidden:" prefix.

The assertion has been updated to match the new error message format after the change from 403 Forbidden to 400 Bad Request.

@generall generall merged commit b92a322 into dev May 20, 2025
24 of 25 checks passed
@generall generall deleted the strcit-mode-400 branch May 20, 2025 13:19
generall added a commit that referenced this pull request May 22, 2025
@generall
Strict mode error is now 400 instead of 403 (#6560)
7872c18 
* strcit mode error is now 400 instead of 403

* fix test
n0x29a pushed a commit that referenced this pull request May 23, 2025
@generall @n0x29a
Strict mode error is now 400 instead of 403 (#6560)
3fb6068 
* strcit mode error is now 400 instead of 403

* fix test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@timvisee timvisee timvisee approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@generall @timvisee