Many requests -- see specifically unauthorized requests and nonexistent URLs -- return HTML responses instead of JSON like everything else. For example, hitting an endpoint that requires authorization without it gives:
<!doctype html><html lang="en"><head><title>HTTP Status 403 – Forbidden</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1></body></html>
That should probably return something more like:
{"error":"Authorization insufficient to hit endpoint","fix":"Authenticate as a user allowed to access this endpoint."}
Solution
I'm fairly sure this can be done with a custom AuthenticationEntryPoint, but this needs to be investigated.
Additional notes
While fixing this, maybe also fix the issue where 401s are reported as 403s?
Section
The server's responses; specifically, the bodies.
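One way to implement what the issue proposes, as an added example that is not the project's code: it assumes Spring Security 6 on Spring Boot (jakarta.servlet), and the class name, bean names, 401 message text and the catch-all authorization rule are assumptions. Nonexistent URLs (404) are handled outside Spring Security and are not covered here.

```java
import java.io.IOException;

import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;

// Added example; class and bean names are hypothetical, not the project's.
@Configuration
public class JsonErrorSecurityConfig {

    // Writes a fixed JSON body. Messages are constants, never request data,
    // so nothing caller-controlled is reflected into the response.
    private static void writeJson(HttpServletResponse res, int status,
                                  String error, String fix) throws IOException {
        res.setStatus(status);
        res.setContentType(MediaType.APPLICATION_JSON_VALUE);
        res.setCharacterEncoding("UTF-8");
        res.getWriter().write("{\"error\":\"" + error + "\",\"fix\":\"" + fix + "\"}");
    }

    // No (or invalid) credentials: answer 401 rather than 403.
    @Bean
    AuthenticationEntryPoint jsonEntryPoint() {
        return (req, res, ex) -> writeJson(res, HttpServletResponse.SC_UNAUTHORIZED,
                "Authentication required to hit endpoint",   // constructed message
                "Authenticate before calling this endpoint.");
    }

    // Authenticated but not permitted: 403 with the body proposed in the issue.
    @Bean
    AccessDeniedHandler jsonAccessDenied() {
        return (req, res, ex) -> writeJson(res, HttpServletResponse.SC_FORBIDDEN,
                "Authorization insufficient to hit endpoint",
                "Authenticate as a user allowed to access this endpoint.");
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated()) // placeholder rule
            .exceptionHandling(e -> e
                .authenticationEntryPoint(jsonEntryPoint())
                .accessDeniedHandler(jsonAccessDenied()));
        return http.build();
    }
}
```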