Use correct http status codes
1/ redmine ignores accept headers and jquery dataType attribute
The Accept request-header field can be used to specify certain media types which are acceptable for the response.
If no Accept header field is present, then it is assumed that the client accepts all media types. If an Accept header field is present, and if the server cannot send a response which is acceptable according to the combined Accept field value, then the server SHOULD send a 406 (not acceptable) response.
curl -v http://demo.redmine.org/issues.json -> 200 + json OK!
but
curl -v -H "Accept: application/json" http://demo.redmine.org/issues -> 500 no builder for format
expected (with patch) -> 200 + json output
in some cases html is returned even if json was requested
2/ 406 error raises exception
curl -v http://demo.redmine.org/issues.xxx -> 406 + exception ActionController::UnknownFormat
expected (with patch) -> 406 no exception
3/ csrf protection - useful to avoid exceptions because of site-scanner bots
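The status-code behaviour this report asks for, as an added example that is not part of the original post and not Redmine's code: a hypothetical `negotiate` helper resolves the response format from the path extension or the Accept header and returns 406 instead of raising when nothing matches. The supported-type table, the helper names and the rule that the extension wins over the header are assumptions.

```ruby
# Added example: a hypothetical negotiator, not Redmine's code.
SUPPORTED = {                       # assumed set of renderable types
  'text/html'        => :html,
  'application/json' => :json,
  'application/xml'  => :xml
}.freeze
EXTENSIONS = SUPPORTED.values.to_h { |f| [f.to_s, f] }.freeze

# Parse an Accept header into media ranges, highest q first.
# A malformed q counts as 0, so junk input is dropped instead of raising.
def parse_accept(header)
  ranges = header.to_s.split(',').each_with_index.map do |part, i|
    range, *params = part.strip.downcase.split(/\s*;\s*/)
    raw = params.map { |p| p[/\Aq=(.*)\z/, 1] }.compact.first
    q = raw.nil? ? 1.0 : (Float(raw, exception: false) || 0.0)
    [range.to_s, q.clamp(0.0, 1.0), i]
  end
  ranges.reject { |range, q, _| range.empty? || q.zero? }
        .sort_by { |_, q, i| [-q, i] }
        .map(&:first)
end

def range_matches?(range, type)
  return true if range == '*/*'
  major, minor = range.split('/', 2)
  minor == '*' ? type.start_with?("#{major}/") : range == type
end

# Returns [status, format]. Every path ends in 200 or 406, never an exception.
def negotiate(path, accept = nil)
  ext = File.extname(path).delete_prefix('.').downcase
  unless ext.empty?                 # assumption: extension wins over Accept
    fmt = EXTENSIONS[ext]
    return fmt ? [200, fmt] : [406, nil]
  end
  return [200, :html] if accept.to_s.strip.empty?   # no header: anything goes
  parse_accept(accept).each do |range|
    match = SUPPORTED.find { |type, _| range_matches?(range, type) }
    return [200, match.last] if match
  end
  [406, nil]
end

# Constructed requests modelled on the curl calls in the report.
[['/issues.json', nil], ['/issues', 'application/json'],
 ['/issues.xxx', nil], ['/issues', 'image/png']].each do |path, accept|
  puts "#{path} Accept=#{accept.inspect} -> #{negotiate(path, accept).inspect}"
end
```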
#2 Updated by Pavel Rosický about 1 year ago
- File api_test.rb.patch added
builders.rb.patch
without a patch fails:
Failure:
Redmine::ApiTest::ApiTest#test_accept_header_on_error:
Expected response to be a <422: Unprocessable Entity>, but was a <500: Internal Server Error>.
Expected: 422
Actual: 500
Failure:
Redmine::ApiTest::ApiTest#test_accept_header_on_show:
Expected response to be a <200: ok>, but was a <500: Internal Server Error>.
Expected: 200
Actual: 500
application_controller.rb.patch
this isn't worth fixing, it affects only logs so I can't detect it in tests anyway