@heurteph-ei opened this Issue on March 5th 2021

Steps to reproduce on the online demo server

Call https://demo.matomo.cloud/index.php?module=API&method=API.getMatomoVersion&token_auth=TOKEN_AUTH (yes, the authentication token is wrong, this is wanted)

Expected Behavior

If an error occurs, the HTTP response code should not be 2xx, but 4xx (in case of request error, in my case I am not authenticated so the HTTP error code should be 404) or 5xx (in case of server error or misconfiguration)

Current Behavior

I am not authenticated, I receive an error message, but the HTTP response is 200: OK "everything seems good"

Possible Solution

In case of error message (error result), never use HTTP 200, but at least HTTP 400 or HTTP 500

@diosmosis commented on March 7th 2021 Member

Hi @heurteph-ei, you're right, thanks for the bug report!

@tsteur commented on March 7th 2021 Member

Just fyi this might affect various monitors and could break BC. So I'm putting this for now into Matomo 5 where we can consider doing this.
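A monitoring-side check for the behaviour reported in this issue, as an added example that is not part of the thread or Matomo's own code: it inspects the response body instead of trusting the status code, so a failed authentication is not recorded as a success. The error envelope shapes (JSON `result`/`message`, XML `<error message>`) and the function name `classify_api_response` are assumptions of this example.

```python
import json
import xml.etree.ElementTree as ET


def classify_api_response(status, body):
    """Return (ok, reason) for one API reply; never trust the status alone."""
    if not 200 <= status < 300:
        return False, f"http {status}"
    text = body.strip()
    if text[:1] in ("{", "["):
        try:
            data = json.loads(text)
        except ValueError:
            return False, "unparseable JSON"
        # Assumed JSON error envelope: {"result": "error", "message": "..."}
        if isinstance(data, dict) and data.get("result") == "error":
            return False, f"api error: {data.get('message', '')}"
        return True, "ok"
    if text[:1] == "<":
        # Refuse DTDs before parsing a body we do not control.
        if "<!DOCTYPE" in text or "<!ENTITY" in text:
            return False, "XML with DTD rejected"
        try:
            root = ET.fromstring(text)
        except ET.ParseError:
            return False, "unparseable XML"
        # Assumed XML error envelope: <result><error message="..." /></result>
        err = root if root.tag == "error" else root.find(".//error")
        if err is not None:
            return False, f"api error: {err.get('message', '')}"
        return True, "ok"
    # Empty or unrecognized body: fail closed rather than report success.
    return False, "unrecognized body"


# Constructed sample replies (not captured from a real server).
SAMPLES = [
    (200, '{"result":"error","message":"constructed auth failure"}'),
    (200, '<result><error message="constructed auth failure" /></result>'),
    (200, '{"value":"0.0.0"}'),
    (401, ""),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify_api_response(status, body))
```

A check written this way gives the same verdict whether the server answers an error with 200, as reported here, or with a 4xx/5xx status.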

