[
https://issues.apache.org/jira/browse/MESOS-5637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15337419#comment-15337419
]
Till Toenshoff commented on MESOS-5637:
---------------------------------------
We need to decide on...
- the HTTP status code we actually want to show our users
- if we want to display the future error message in the HTTP body
... for being able to unify this.
Furthermore we might want to introduce tests that prevent regressions
introducing such inconsistencies in the future.
> Authorized endpoint results are inconsistent for failures.
> ----------------------------------------------------------
>
> Key: MESOS-5637
> URL: https://issues.apache.org/jira/browse/MESOS-5637
> Project: Mesos
> Issue Type: Bug
> Components: master, modules
> Affects Versions: 1.0.0
> Reporter: Till Toenshoff
> Labels: authorization, mesosphere, security
>
> When trying to access authorized endpoints, the resulting HTTP status codes
> are not consistent for internal authorizer failures (failed future returned
> by {{authorized}}).
> {{/flags}}:
> {noformat}
> HTTP/1.1 503 Service Unavailable
> Date: Fri, 17 Jun 2016 23:11:04 GMT
> Content-Length: 0
> {noformat}
> {{/state}}:
> {noformat}
> HTTP/1.1 500 Internal Server Error
> Date: Fri, 17 Jun 2016 23:08:49 GMT
> Content-Type: text/plain; charset=utf-8
> Content-Length: size($FUTURE_ERROR_MESSAGE)
> $FUTURE_ERROR_MESSAGE
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
