Home > Software design >  Express server Error 400 is not returning json message
Express server Error 400 is not returning json message

Time:08-27

I am submitting a form and if the form id already exists in the database, I am returning status 400 with a message saying that the form exists.

res.status(400).send({
   status: 400,
   message: "Form exists"
})

When I read the response sent back from my express server, I am getting Bad request message instead of the custom message object that I am returning. If I replace res.status(400) with res.status(200), I am getting the expected custom message object.

Weird enough, I can get the custom message object when making the server call in development environment. I get Bad Request message from my production server and I don't know why the response is different when the environment is different. I am hosting this server on IIS Manager v10

So my question is should I use status code of 200 instead of 400 in this scenario? Is there a way to return a custom message from status 400? Based on my understanding, I should use 4xx status code if there is a client input errors eg there is already an existing ID or invalid inputs.

Edit: This is my code from my React app.

axiosInstance
        .post("/form/some-endpoint", formData)
        .then(function () {
          navigate(ROUTE_SUCCESS_PAGE);
        })
        .catch(function (error) {
          // eslint-disable-next-line no-console
          console.log(error);
          alert(error.response !== undefined ? error.response.data.message : error.message);
        });

This is the actual screenshot of the response from prod server (I console log it)

enter image description here

enter image description here

But in development environment, I am getting the response that I wanted. enter image description here

enter image description here

Postman response from Prod server: enter image description here

CodePudding user response:

should I use status code of 200 instead of 400 in this scenario

TLDR: It depends on the usage.

If your intent is to Update a form, like using a PUT request, you should require an id and if that id does not exist, return 404.

If you are looking to Create new form, like using a POST request, with an id or other meta data and one already exists matching the id or meta data (e.g. groupId), then 400 is fine but it could be better to use 409 stating that there is a conflict with the existing state, that being a preexisting form id or meta data. Though you don't often pass an id to a POST create request.

The full list of codes is a great place to start, but sometimes it helps to see how certain codes are used in production APIs. A good place to look is the GitHub API which shows the possible status codes for each endpoint along with a description. Take the Pulls API for example, just searching for 40 on the page gives you a lot of insight about when certain codes are used.

Comparing these statuses with your example, if you look at the PUT /repos/{owner}/{repo}/pulls/{pull_number}/merge route, they use 409 whenever Conflict if sha was provided and pull request head did not match. This seems similar in nature to the POST request described above.

At the end of the day the crucial part is to get in the correct grouping (i.e 2xx, 4xx, etc.) after that it's more about being consistent across your API than matching the codes to exact best option. Also everyone is different and some may choose different codes for the same use case.


As far as changing the response itself on 400 status, you should be able to achieve this by setting statusMessage directly and then call res.end.

function(req, res) {
  res.statusMessage = "Form exists";
  res.status(400).end();
}

Also see https://stackoverflow.com/a/36507614/6943587

CodePudding user response:

<system.webServer>
    <httpErrors existingResponse="PassThrough" />
</system.webServer>

Adding the <httpErrors existingResponse="PassThrough" /> to the server's web.config file on IIS Manager resolved my issue. Based on my understanding, bypassing the http error handler and not letting IIS to send its response is the solution that I need.

  • Related