Hi,
I'm experimenting with zap and I found the handling of the default unauthorized handler a bit misleading.
In the Authenticating.get method, I've found that if I do not specify a handler for unauthorized, then it will return the proper error code and the string "UNAUTHORIZED".
zap/src/endpoint.zig, line 121 in 675c65b
When I called the endpoint with an incorrect token, it returned 200, which was strange at first glance.
Then I saw that the init method of the Endpoint struct initializes the unauthorized handler as nop if it was not specified explicitly.
zap/src/endpoint.zig, line 50 in 675c65b
This is really confusing as a developer trying to experiment with zap and I think it's also better to return the proper error code by default if the authorization has failed.
Wouldn't it make sense to remove the nop from the initialization of the Endpoint?
Maybe I've not understood the purpose well enough.
If that's the case, could you please describe the reason behind it?
It's similar with the other handlers as well. If an endpoint was specified and there is no handler for e.g. the POST method, then it returns 200. However, I expected 405, method not allowed.
In my opinion it would make sense to return these error codes instead of nop, or let the user decide with an additional flag what should be done: nop or a corresponding status code with an error message.
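
The behaviour described in the issue above, as a small Python model added here for illustration; it is not part of the original issue and not zap's code. `Endpoint`, `dispatch`, `fail_closed`, `reject` and the sample token are hypothetical names; the model only contrasts nop defaults (200 on a bad token or an unhandled method) with fail-closed defaults (401 and 405).

```python
# Added model of endpoint dispatch; names are hypothetical, not zap's API.
import hmac
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

Response = Tuple[int, str]
Handler = Callable[[dict], Response]

def nop(_req: dict) -> Response:
    # A handler that does nothing leaves the server's default reply: 200, empty body.
    return 200, ""

def reject(status: int, body: str) -> Handler:
    return lambda _req: (status, body)

@dataclass
class Endpoint:
    get: Optional[Handler] = None
    post: Optional[Handler] = None
    unauthorized: Optional[Handler] = None
    fail_closed: bool = True  # False reproduces the nop defaults from the issue

    def _default(self, status: int, body: str) -> Handler:
        return reject(status, body) if self.fail_closed else nop

    def dispatch(self, req: dict, token: str) -> Response:
        # Authenticate first, with a constant-time comparison of the bearer token.
        if not hmac.compare_digest(req.get("bearer", ""), token):
            return (self.unauthorized or self._default(401, "UNAUTHORIZED"))(req)
        handler = {"GET": self.get, "POST": self.post}.get(req["method"])
        return (handler or self._default(405, "METHOD NOT ALLOWED"))(req)

def hello(_req: dict) -> Response:
    return 200, "hello"

TOKEN = "constructed-sample-token"  # constructed value for the demo
BAD_GET = {"method": "GET", "bearer": "wrong"}
GOOD_GET = {"method": "GET", "bearer": TOKEN}
GOOD_POST = {"method": "POST", "bearer": TOKEN}

def run(fail_closed: bool):
    ep = Endpoint(get=hello, fail_closed=fail_closed)
    return [ep.dispatch(r, TOKEN) for r in (BAD_GET, GOOD_GET, GOOD_POST)]

if __name__ == "__main__":
    print("nop defaults :", run(False))
    print("fail closed  :", run(True))
```

A regression test for an authenticated endpoint can assert exactly these status codes for a wrong token and for a method with no handler.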