Open Closed

Controller returns 400 with HTML on production, on developt a 500 #3379


User avatar
0
william@iwell.nl created
  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): Angular/
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

An endpoint always throws an Exception (as test). I expect this endpoint to return a 500 with json, and on a local develop environment it does. However on production the endpoint returns a 400 with html.

What causes this?

Deployed on a production server:

Local development:


7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    hi

    There are differences in the Development and Production environment.

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    
    if (!env.IsDevelopment())
    {
        app.UseErrorPage();
        app.UseHsts();
    }
    
  • User Avatar
    0
    william@iwell.nl created

    hi, thanks for the quick reply.

    That makes sense, I found the code and removed app.UseDeveloperExceptionPage();

    However, I still get the a 500 with json. This is what I except, as an exception is thrown. However, what I don't understand is why on production a 400 with html is returned. This should also be a 500 with json, isn't it? I'm not aware of specific code to change this for production.

  • User Avatar
    0
    maliming created
    Support Team

    what I don't understand is why on production a 400 with html is returned

    What are the error logs of HTTP 400?

  • User Avatar
    0
    william@iwell.nl created

    2022-07-05T09:35:48.145810880Z [09:35:48 ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.nixphHDAMN4" is not present.

    After removing the cookies from postman, the request returned as excepted. I'm not sure why these cookies are there, maybe after a unauthorised request?

  • User Avatar
    0
    maliming created
    Support Team

    The postman will get cookies from the browser.

  • User Avatar
    0
    william@iwell.nl created

    Thanks, your hint made me digging through the logs, and I see more 400 requests. For example after a DependencyResolutionException which happen during a deployment. So if I understand correctly, exceptions like AntiForgery and DependencyResolutionException are returned with statuscode 400?

    This behaviour is unwanted for certain endpoints. For example a webhook, called from Azure event grid, to push messages. When event grid receives a 400, it won't retry the message. At a 500 it does.

    Can this be disabled for certain endpoints, or do you have a suggestion how to solve this otherwise?

  • User Avatar
    0
    maliming created
    Support Team

    hi

    So if I understand correctly, exceptions like AntiForgery and DependencyResolutionException are returned with statuscode 400?

    DependencyResolutionException should be get 500, the AntiForgery will get 400.

    Many validation errors will use 400 code, eg: Parameter validate error. AntiForgery token. etc.

    This behaviour is unwanted for certain endpoints. For example a webhook, called from Azure event grid, to push messages. When event grid receives a 400, it won't retry the message. At a 500 it does.

    400 means the request info has something wrong. You should check the Azure request.

Made with ❤️ on ABP v9.2.0-preview. Updated on January 14, 2025, 14:54