[openstack-dev] [glance][api] Response when a illegal body is sent

Ian Cordasco ian.cordasco at RACKSPACE.COM
Fri Jul 24 15:58:06 UTC 2015



On 7/23/15, 19:38, "michael mccune" <msm at redhat.com> wrote:

>On 07/23/2015 12:43 PM, Ryan Brown wrote:
>> On 07/23/2015 12:13 PM, Jay Pipes wrote:
>>> On 07/23/2015 10:53 AM, Bunting, Niall wrote:
>>>> Hi,
>>>>
>>>> Currently when a body is passed to an API operation that explicitly
>>>> does not allow bodies Glance throws a 500.
>>>>
>>>> Such as in this bug report:
>>>> https://bugs.launchpad.net/glance/+bug/1475647 This is an example of
>>>> a GET however this also applies to other requests.
>>>>
>>>> What should Glance do rather than throwing a 500, should it return a
>>>> 400 as the user provided an illegal body
>>>
>>> Yep, this.
>>
>> +1, this should be a 400. It would also be acceptable (though less
>> preferable) to ignore any body on GET requests and execute the request
>> as normal.
>>
>>> Best,
>>> -jay
>
>i'm also +1 on the 400 band wagon

400 feels right for when Glance is operating without anything in front of
it. However, let me present a hypothetical situation:

Company X is operating Glance behind a load-balancing proxy. Most users
talk to Glance behind the LB. If someone writes a quick script to send a
GET and (for whatever reason) includes a body, they'll get a 200 with the
data that would otherwise have been sent if they didn't include a body.
This is because most such proxies will strip the body on a GET (even
though RFC 7231 allows for bodies on a GET and explicitly refuses to
define semantic meaning for them). If later that script is updated to work
behind the load balancer it will be broken, because Glance is choosing to
error instead of ignoring it.

Note: I'm not arguing that the user is correct in sending a body when
there shouldn't be one sent, just that we're going to confuse a lot of
people with this.

I'm also fine with either a 400 or a 200.



More information about the OpenStack-dev mailing list