Nested routers do not return 404 error for non-existing resources
Let's say we have the following models:
    from django.db import models

    class Book(models.Model):
        id = models.CharField(primary_key=True, max_length=32)

    class Page(models.Model):
        book = models.ForeignKey('Book', on_delete=models.CASCADE)
and there are no books and no pages in the db. The URL to list pages related to a certain book is /books/<BookID>/pages/.
How to reproduce: perform a GET request to /books/999/pages/
Expected result: a 404 code is returned because there is no book with id 999.
Actual result: an empty list is returned.
Issue Analytics
- State:
- Created 9 years ago
- Comments: 5 (2 by maintainers)

Yeah, I agree that this is not trivial to implement and will require an extra DB query. We can make it optional for people to decide if they need more strict behavior for the price of an extra query.
Talking about prefiltered querysets, we can do nothing to protect from such cases, but people can always shoot themselves in the leg. What we can do is to cover this well in the docs.
From a security standpoint I would like to make sure that a user that is not permissioned to “view” book 999 gets the SAME HTTP code when accessing /books/999/pages/ if it exists or if it does not exist. In other words, I do not want a malicious user to be able to map out the existence of books that he should not know about using the nested structure.
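
An added example, not part of the original thread or the project's code: a framework-free model of the `/books/<BookID>/pages/` lookup that contrasts the reported behaviour with a strict parent check, including the uniform 404 asked for in the last comment. The sample data, the owner-only permission rule and all function names are assumptions made for the illustration.

```python
# Constructed sample data: book id -> owner; each page names its parent book.
BOOKS = {"1": "alice", "2": "bob", "3": "alice"}  # book "3" has no pages
PAGES = [{"id": 10, "book": "1"}, {"id": 11, "book": "1"}, {"id": 20, "book": "2"}]


def can_view(user, book_id):
    """Hypothetical permission rule: only the owner may view a book."""
    return BOOKS.get(book_id) == user


def pages_of(book_id):
    """All pages whose parent is the given book id."""
    return [p for p in PAGES if p["book"] == book_id]


def list_pages_lenient(user, book_id):
    """Behaviour reported in the issue: filter by parent id, never resolve it."""
    # Filtering on permission here mirrors a prefiltered queryset.
    return 200, [p for p in pages_of(book_id) if can_view(user, p["book"])]


def list_pages_leaky(user, book_id):
    """Strict parent check that answers 403 for a hidden book."""
    if book_id not in BOOKS:
        return 404, {"detail": "Not found."}
    if not can_view(user, book_id):
        return 403, {"detail": "Forbidden."}  # differs from 404: reveals existence
    return 200, pages_of(book_id)


def list_pages_strict(user, book_id):
    """Strict parent check with one answer for missing and hidden books."""
    # One combined condition and one response, so status and body are identical
    # whether the book is absent or merely not viewable by this user.
    if book_id not in BOOKS or not can_view(user, book_id):
        return 404, {"detail": "Not found."}
    return 200, pages_of(book_id)


if __name__ == "__main__":
    for view in (list_pages_lenient, list_pages_leaky, list_pages_strict):
        for book_id in ("1", "3", "2", "999"):
            print(view.__name__, book_id, view("alice", book_id))
```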