Skip to content

Fix API returning HTML error pages when user sends invalid JSON #11945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sekmiller merged 5 commits into from
Dec 22, 2025
Merged

Fix API returning HTML error pages when user sends invalid JSON #11945

sekmiller merged 5 commits into from
Dec 22, 2025
+77 −40

Conversation

@poikilotherm
Copy link
Contributor

@poikilotherm poikilotherm commented Oct 31, 2025
edited
Loading

What this PR does / why we need it:

Ensure any JSON parsing errors do not result in HTML error pages.

Which issue(s) this PR closes:

Special notes for your reviewer:

  1. Let me know if GSON, Jackson etc should be added to the list of implementations.
  2. Let me know if there should be a line in the API changelog about this. It affects a lot of API endpoints.

Suggestions on how to test this:
I added an API test with one of the affected endpoints. Just execute the test before applying the patches and after.

I also wanted to fix the catchall error handler I tried to implement some time ago. For that, I had to modify the logging in the JsonResponseBuilder. The situation where sending invalid JSON to the endpoints results in a HTML response was not reproducible for me. Please test again!

Here's how a response looks like when not applying the JSON error handler, but with the fix for the logging:

$ http POST http://localhost:8080/api/admin/bannerMessage --raw="{test}"
HTTP/1.1 500 Internal Server Error
Connection: close
Content-Length: 284
Content-Type: application/json;charset=UTF-8
Server: Payara Server 6.2025.3 #badassfish
X-Frame-Options: SAMEORIGIN
X-Powered-By: Servlet/6.0 JSP/3.1 (Payara Server 6.2025.3 #badassfish Java/Eclipse Adoptium/17)

{
    "code": 500,
    "incidentId": "5cbfad8c-4a7a-4faf-8470-42c684da9721",
    "interalError": "JsonParsingException",
    "message": "Internal server error. More details available at the server logs.",
    "requestMethod": "POST",
    "requestUrl": "http://localhost:8080/api/v1/admin/bannerMessage",
    "status": "ERROR"
}

With the JSON error handler, this is now an error 400 (as it should be), but in case other exceptions bubble up...

An example to test this with the JSON handler in place:

$ http PUT http://localhost:8080/api/admin/settings/test --raw="test"
HTTP/1.1 500 Internal Server Error
Connection: close
Content-Length: 319
Content-Type: application/json;charset=UTF-8
Server: Payara Server 6.2025.3 #badassfish
X-Frame-Options: SAMEORIGIN
X-Powered-By: Servlet/6.0 JSP/3.1 (Payara Server 6.2025.3 #badassfish Java/Eclipse Adoptium/17)

{
    "code": 500,
    "incidentId": "206716ef-f1de-4b5e-9e48-e7ed100f8e4f",
    "interalError": "RollbackException",
    "internalCause": "PersistenceException",
    "message": "Internal server error. More details available at the server logs.",
    "requestMethod": "PUT",
    "requestUrl": "http://localhost:8080/api/v1/admin/settings/test",
    "status": "ERROR"
}

As a curl command, this would be: curl -X PUT -d "test" http://localhost:8080/api/admin/settings/test
Watch the server log! 😄 (BTW I tested this with the Dockerized Dev Instance using mvn -Pct package docker:run)

Does this PR introduce a user interface change? If mockups are available, please link/include them here:
Not within the UI, but of course the API "user interface".

Is there a release notes update needed for this change?:
Maybe?

Additional documentation:
None?

@github-actions github-actions bot added the Type: Bug a defect label Oct 31, 2025
@poikilotherm poikilotherm changed the title 11717 fix api errors Fix API returning HTML error pages when user sends invalid JSON Oct 31, 2025
@coveralls
Copy link

coveralls commented Oct 31, 2025
edited
Loading

Coverage Status

coverage: 24.232% (-0.001%) from 24.233%
when pulling 67301a3 on 11717-fix-api-errors
into faff4ec on develop.

@github-actions

This comment has been minimized.

Sign in to view
@poikilotherm poikilotherm added the Size: 3 A percentage of a sprint. 2.1 hours. label Oct 31, 2025
@poikilotherm poikilotherm added this to the 6.9 milestone Oct 31, 2025
@poikilotherm poikilotherm moved this to SPRINT READY in IQSS Dataverse Project Oct 31, 2025
@github-actions

This comment has been minimized.

Sign in to view
@pdurbin pdurbin moved this from SPRINT READY to Ready for Triage in IQSS Dataverse Project Nov 3, 2025
@scolapasta scolapasta moved this from Ready for Triage to Ready for Review ⏩ in IQSS Dataverse Project Nov 12, 2025
@cmbz cmbz added the FY26 Sprint 10 FY26 Sprint 10 (2025-11-05 - 2025-11-19) label Nov 20, 2025
@stevenwinship
Copy link
Contributor

stevenwinship commented Nov 21, 2025

@poikilotherm Please resolve conflicts

@cmbz cmbz added the FY26 Sprint 11 FY26 Sprint 11 (2025-11-20 - 2025-12-03) label Nov 22, 2025
@pdurbin pdurbin added the Status: Merge Conflicts Merge conflicts must be resolved. label Nov 24, 2025
@pdurbin pdurbin moved this from Ready for Review ⏩ to In Progress 💻 in IQSS Dataverse Project Nov 24, 2025
@pdurbin pdurbin modified the milestones: 6.9, 6.10 Nov 25, 2025
@pdurbin
Copy link
Member

pdurbin commented Nov 25, 2025

@poikilotherm I bumped this to 6.10. Also, please resolve merge conflicts. Thanks!

@poikilotherm
refactor(api): unify JSON exception handling with abstract handler #1…
f1bbbd2 
…1717

- Replaced `JsonParseExceptionHandler` with `JsonExceptionsHandler` to streamline exception handling
- Added mappers for `JsonParsingException` and `DvUtilJsonParseException`
@poikilotherm
test(api): add test case for invalid JSON in user creation API #11717
5e793d0 
- Ensured API returns `BAD_REQUEST` for malformed JSON input with appropriate error message validation
- Makes sure invalid JSON is not resulting in a HTML error page
@poikilotherm
fix(api): ensure JsonObjectBuilder consistency during logging and res…
b919120 
…ponse creation #11717

- Cloned JsonObjectBuilder to prevent unintended mutation
- Simplified metadata construction logic in logging
- This should allow us to no longer have HTML Error 500 pages, but a nicer JSON response.
@poikilotherm
Copy link
Contributor Author

poikilotherm commented Nov 28, 2025

@pdurbin I made a rebase and force pushed. There were ~300 commits missing, to this is the cleaner fix, avoiding any merge conflicts.

@github-actions

This comment has been minimized.

Sign in to view
@poikilotherm poikilotherm mentioned this pull request Nov 28, 2025
Closed
@pdurbin pdurbin removed the Status: Merge Conflicts Merge conflicts must be resolved. label Dec 1, 2025
@pdurbin pdurbin moved this from In Progress 💻 to Ready for Review ⏩ in IQSS Dataverse Project Dec 1, 2025
@cmbz cmbz added the FY26 Sprint 12 FY26 Sprint 12 (2025-12-03 - 2025-12-17) label Dec 3, 2025
@stevenwinship stevenwinship self-assigned this Dec 5, 2025
@stevenwinship stevenwinship moved this from Ready for Review ⏩ to In Review 🔎 in IQSS Dataverse Project Dec 5, 2025
@stevenwinship
Copy link
Contributor

stevenwinship commented Dec 5, 2025

Re: Let me know if GSON, Jackson etc should be added to the list of implementations.
Let me know if there should be a line in the API changelog about this. It affects a lot of API endpoints.

I did some testing with unit tests and IT tests that make calls where Gson reads json. The IT tests returned 400 and appropriate exceptions were returned when invalid json was given. I don't believe we need to make changes here.
Maybe more testing on the QA end can be done

As for the API changelog, I didn't see any mention of an expected 500 for the response. I would say that it's not a change as most people would assume it should return 400.

Approving this pr

@github-project-automation github-project-automation bot moved this from In Review 🔎 to Reviewed but Frozen ❄️ in IQSS Dataverse Project Dec 5, 2025
@stevenwinship stevenwinship removed their assignment Dec 5, 2025
@sekmiller sekmiller self-assigned this Dec 19, 2025
@sekmiller sekmiller moved this from Ready for QA ⏩ to QA ✅ in IQSS Dataverse Project Dec 19, 2025
@github-actions

This comment has been minimized.

Sign in to view
@github-actions
Copy link

github-actions bot commented Dec 22, 2025

📦 Pushed preview images as

ghcr.io/gdcc/dataverse:11717-fix-api-errors

ghcr.io/gdcc/configbaker:11717-fix-api-errors

🚢 See on GHCR. Use by referencing with full name as printed above, mind the registry name.

@sekmiller sekmiller merged commit 96e96f4 into develop Dec 22, 2025
13 of 14 checks passed
@github-project-automation github-project-automation bot moved this from QA ✅ to Merged 🚀 in IQSS Dataverse Project Dec 22, 2025
@sekmiller sekmiller deleted the 11717-fix-api-errors branch December 22, 2025 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevenwinship stevenwinship stevenwinship approved these changes

@pdurbin pdurbin Awaiting requested review from pdurbin

@ofahimIQSS ofahimIQSS Awaiting requested review from ofahimIQSS

Assignees

@sekmiller sekmiller

Labels

FY26 Sprint 10 FY26 Sprint 10 (2025-11-05 - 2025-11-19) FY26 Sprint 11 FY26 Sprint 11 (2025-11-20 - 2025-12-03) FY26 Sprint 12 FY26 Sprint 12 (2025-12-03 - 2025-12-17) Size: 3 A percentage of a sprint. 2.1 hours. Type: Bug a defect

Projects

IQSS Dataverse Project
Status: Merged 🚀

Milestone

6.10

Development

Successfully merging this pull request may close these issues.

Malformed JSON input to multiple API endpoints returns HTTP 500 HTML instead of HTTP 400 JSON error

7 participants

@poikilotherm @coveralls @stevenwinship @pdurbin @sekmiller @cmbz