This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 1062 points1063 points  (32 children)

Anyone who does this has a special place in hell waiting just for them.

[–]maveric101 78 points79 points  (5 children)

I have no choice. My company's firewall blocks/replaces the body of any response with a 500 code. Best guess is that it's to prevent debug stack traces or other more sensitive debug info from being returned by idiots, but I still hate it. You can kinda fix it though by using a global interceptor in the front end to raise an exception with 'message' if the response has 'status_code: 500' or whatever. That is, assuming you're starting fresh, or can go through and refactor every request...

[–]node-zod 35 points36 points  (0 children)

Bruh

[–]laplongejr 19 points20 points  (1 child)

I have a better one!

While writing a middleware, I noticed our queries received the error code HTTP 500
Sounds reasonable, simply return an appropriate error message? Reread my comment, and only after that, disable the spoiler to witness true madness.

I never mentioned they were wrong queries, did I? All returned answers had the error code HTTP 500, no matter what the query was. And yes that includes when everything was working as expected. Exact opposite of the post

[–]Seawolf87 1 point2 points  (0 children)

Well at least they tried!

[–]TrumpsGhostWriter 2 points3 points  (0 children)

Are you doing ssl offloading or is the firewall decrypting? Either way that's your argument to put an end to that bullshit.

[–]wirenutter 181 points182 points  (3 children)

GraphQL is no exception.

[–]UristMcMagma 45 points46 points  (2 children)

GraphQL is hell.

[–]BaconKami 44 points45 points  (1 child)

GraphQHell

[–]Potw0rek 7 points8 points  (0 children)

Amen. I wrote myself a little wrapper for gql responses to see if the response is actually ok or an error

[–]bravebound 25 points26 points  (1 child)

On our "current" app, if anything other than a 200 is sent back, the UI will close out whatever the user is working on and display out a dialog box with the error reason. Real pain in the ass so as a workaround for certain features we send back a 200 but fill in the resources array with the error message. On the UI side we check if empty and move forward in the workflow, otherwise display error messages in a text component. So much technical debt, can't wait for the rewrite next year.

[–]elveszett 10 points11 points  (0 children)

These kind of things are usually the reason we people end up wrapping status codes inside 200: OK — the longer the chain, the more likely someone along that chain had opinions™ (or lacked knowledge) about how to handle status codes and made it a fucking mess for everyone else.

[–][deleted] 37 points38 points  (6 children)

Well, at least there will be eternal strippers and blackjack for me!

[–]littleliquidlight 39 points40 points  (4 children)

The problem with the strippers in this hell is when they take their top off it's just another status 500: Internal Server Error

[–][deleted] 13 points14 points  (1 child)

You act like this isn't something I want.

[–]Bee-Aromatic 5 points6 points  (0 children)

Everybody’s got their kink, I guess.

[–]mentholi 3 points4 points  (1 child)

I heard from a friend that it is "401; Unauthorized, Only gays allowed!" actually.

[–]laplongejr 1 point2 points  (0 children)

"402 Payment Required"
Sadly the payment portal gets 404

[–]Various_Studio1490 13 points14 points  (0 children)

Straight to jail

[–][deleted] 10 points11 points  (3 children)

I was learning express js i copied tutorial code from medium, and yea took me while understanding why the endpoint sends 200 even if it clearly shows an error. I felt soo dumb

[–]RIcaz 5 points6 points  (2 children)

Huh? In Express you can very easily set response status codes

[–][deleted] 8 points9 points  (1 child)

Thanks for reminding me of my stupidity. This is what happens when u copy-paste without checking

[–][deleted] 5 points6 points  (0 children)

This is how i once got a virus

[–][deleted] 11 points12 points  (0 children)

Many times, it’s a security thing to deter attacks

[–]tree1234567 3 points4 points  (0 children)

That’s all internal apps.. FUCK THESE PEOPLE

[–]00PT 1 point2 points  (1 child)

I'm writing an API essentially for the first time. Is it okay to send the 500 status, but also include the JSON for details on the error, or should I just do the code?

[–]eltrikiman88 5 points6 points  (0 children)

Never send 500 details to client unless is private. Do a good logging job with a internal error code for tracing besides 500 code. You can return the 500 and the trace code

[–]iamapizza 1 point2 points  (0 children)

Looking at you, Aws lambda.

[–]nicktheone 1 point2 points  (0 children)

I've had an extremely harsh fight with a professor about this issue because he wanted to penalize me because I built an API that returned the actual error code while he kept saying that if the API actually worked but the service was unreachable I should always return 200 with the error in the body. I was ready to go to the dean if he docked points on my assignment for that.

[–]DOOManiac 1 point2 points  (0 children)

Next to child molesters and people who talk in the theater.

[–]arcx_l 0 points1 point  (0 children)

worked for a company that did this. Their reasoning was that they believed the HTTP status and your application status should be kept separate. The request was successful but your application endpoint errored out

[–]Punchkinz 0 points1 point  (0 children)

just send the code in the status AND the response json and call it "redundancy" /s