Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-20171

npm package metadata requests may return 200 status code with content that indicates an error

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Parked
    • Affects Version/s: 3.16.0, 3.16.1, 3.16.2
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:

      Description

      During load testing of npm package metadata requests, in rare cases it was noticed that NXRM may return a HTTP status code of 200 and a response body indicating an error:

      {"_id":"semver","_rev":"semver","success":false,"error":"Failed to stream response due to: Missing blob and no handler set to recover."}
      

      Expected

      It is expected an HTTP error code be returned instead ( ie. 4xx, 5xx ), if there is a problem properly returning the response asked for by the client.

      It is believed that the NPM format protocols for the npm client do not normally anticipate a 200 status code response with a body payload that indicates an error on the server.

      A concern is a less forgiving npm client may interpret the 200 success status code as a true success, and store the error body as the actual payload.

      Diagnosis

      A request is made to a package, we attempt to decrease memory utilization by sending a response and wait for the requester to stream out the actual bytes. When setting up the request and response, we are giving the handler that does the actually streaming out of the response a Missing Blob handler. Meaning if we have already started streaming out bytes and found the blob to be missing during this operation - it is too late to start over with response headers - so an error body is sent instead of the requested content.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Mahendra Surani Mahendra Surani
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title