PUBLIC - Liferay Portal Community Edition / LPS-92896

JSON request with guest.allowed=false returns HTML response

      Description

      Steps to reproduce

      1. Change https://github.com/liferay/liferay-portal/blob/71c6734c7119fd92fc87b76a918223e2161b82d8/modules/apps/headless/headless-delivery/headless-delivery-impl/src/main/java/com/liferay/headless/delivery/internal/jaxrs/application/HeadlessDeliveryApplication.java#L31 and add a new property: "auth.verifier.guest.allowed=false"
      2. Redeploy: gradlew :apps:headless:headless-delivery:headless-delivery-impl:deploy
      3. Execute: curl -i -H 'Accept: application/json' http://localhost:8080/o/headless-delivery/v1.0/content-spaces/0/knowledge-base-articles

      Expected result: JSON response is returned
      Actual result: HTML response is returned


      In the REST APIs to be released for 7.2, when the server answers with a 403, the error information is returned as HTML. The goal of this story is that, if the request is made with the Accept HTTP header set to "application/json", the server answers in JSON.

       

      Steps to reproduce:

      Define a properties file with auth.verifier.guest.allowed="false" for the headless-delivery app.

      Make a request to any headless API without authentication, for example: GET http://localhost:8080/o/headless-delivery/v1.0/content-spaces/{contentSpaceId}/knowledge-base-articles

      The server will return:

       

      <!doctype html><html lang="en"><head><title>HTTP Status 403 – Forbidden</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Authorization required</p><p><b>Description</b> The server understood the request but refuses to authorize it.</p><hr class="line" /><h3>Apache Tomcat/9.0.10</h3></body></html>
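A regression check for the expected result above, added here as an example (not Liferay's code): it takes the raw output of curl -i and reports whether an error response honors Accept: application/json. The function name, the header lines in both samples and the JSON body shape are assumptions; the HTML body is abbreviated from the response quoted in this issue.

```python
import json
from email.parser import Parser

# Constructed sample of `curl -i` output: header lines are assumed, the body
# is abbreviated from the Tomcat error page quoted in this issue.
SAMPLE_HTML_403 = (
    "HTTP/1.1 403 \r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
    '<!doctype html><html lang="en"><head><title>HTTP Status 403 – Forbidden'
    "</title></head><body><h1>HTTP Status 403 – Forbidden</h1>"
    "<h3>Apache Tomcat/9.0.10</h3></body></html>"
)

# Constructed sample of a response that would satisfy the expected result
# (the JSON field names are an assumption, not Liferay's error format).
SAMPLE_JSON_403 = (
    "HTTP/1.1 403 \r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"status": "FORBIDDEN", "title": "Authorization required"}'
)


def check_error_response(raw, accept="application/json"):
    """Return findings for one raw HTTP response; an empty list means pass."""
    # Accept both CRLF (wire format) and LF (text-mode capture) line endings.
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, _, header_block = head.partition("\n")
    status = int(status_line.split()[1])
    headers = Parser().parsestr(header_block, headersonly=True)
    content_type = headers.get_content_type()  # media type without parameters

    findings = []
    if status < 400:
        return findings
    if content_type != accept:
        findings.append(f"{status} body is {content_type}, client asked for {accept}")
    if accept == "application/json":
        try:
            json.loads(body)
        except ValueError:
            findings.append("body does not parse as JSON")
    # The container's default error page also names the server and its version.
    if "Apache Tomcat/" in body:
        findings.append("default container error page (discloses Tomcat version)")
    return findings
```
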

                  Packages

                  Version Package
                  7.2.0 GA1