apache/apisix

request help: the format of response body that returned by plugin should match Content-Type

Open

#8,511 opened on Dec 13, 2022

View on GitHub
 (10 comments) (1 reaction) (1 assignee)Lua (2,860 forks)batch import
good first issue

Repository metrics

Stars
 (16,597 stars)
PR merge metrics
 (Avg merge 7d 18h) (97 merged PRs in 30d)

Description

Step 1 Create a route with consumer restriction

curl --location --request PUT ".../apisix/admin/routes/content-type" \
--header "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
--header "Content-Type: application/json" \
--data-raw "{
    \"methods\": [
        \"GET\"
    ],
    \"plugins\": {
        \"consumer-restriction\": {
            \"whitelist\": [
                \"nobody\"
            ]
        }
    },
    \"uri\": \"/content-type/get\"
}"

Step 2 Try to consume the route without being identified to raise an error I said i want application/json response :

curl --location --request GET ".../content-type/get" \
--header "Accept: application/json"

Response is :

# http code
401
# body 
{"message":"Missing authentication or identity verification."}
# In headers : 
Content-Type:  text/plain; charset=utf-8

The Content-Type header should be : application/json as it is in fact a Json in response.

This issue is not on "consumer-restriction"plugin only, it also happen for the key-auth plugin when you provide a wrong key, and i guess it is a .general plugin error behavior. I think it should exist a general common way to respond error from plugin to allow manage right content-type depending the response format. For example in case of a request like :

curl --location --request GET "..../content-type/get" \
--header "Accept: application/xml"

i expect a response like

# body 
<message>Missing authentication or identity verification.</message>
# In headers : 
Content-Type:  application/xml; charset=utf-8

In case of unknow accept or not managed, here we go for text/plain :

--header "Accept: */*"

Response should be something like :

# body 
Missing authentication or identity verification.
# In headers : 
Content-Type:  text/plain; charset=utf-8

Originally posted by @MekelCon in https://github.com/apache/apisix/discussions/8504#discussioncomment-4386548

Contributor guide