fix: add HTML response body validation before JSON parsing
Adds a backup check that validates the response body starts with '{'
before attempting JSON unmarshal. This catches cases where:
- Server returns HTML with incorrect Content-Type header
- Reverse proxy/load balancer modifies headers but not body
- PHP error pages with HTTP 200 status
Includes a preview of the HTML content (up to 200 chars) for debugging.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
770e05ef7c
commit
735b288504
1 changed files with 25 additions and 0 deletions
25
jsonrpc.go
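--- a/jsonrpc.go
+++ b/jsonrpc.go
@@ -4,9 +4,11 @@ import (
 "bytes"
 "context"
 "encoding/json"
+"errors"
 "fmt"
 "io"
 "net/http"
+"strings"
 "sync/atomic"
 )
 
@@ -77,6 +79,10 @@ func (c *Client) call(ctx context.Context, method string, params interface{}, re
 
 resp, err := c.httpClient.Do(httpReq)
 if err != nil {
+// Preserve specific errors that shouldn't be wrapped as connection failures
+if errors.Is(err, ErrTooManyRedirects) {
+return ErrTooManyRedirects
+}
 return fmt.Errorf("%w: %v", ErrConnectionFailed, err)
 }
 defer resp.Body.Close()
@@ -91,6 +97,12 @@ func (c *Client) call(ctx context.Context, method string, params interface{}, re
 return fmt.Errorf("unexpected HTTP status: %d", resp.StatusCode)
 }
 
+// Check for HTML response (indicates redirect to login page or misconfiguration)
+contentType := resp.Header.Get("Content-Type")
+if strings.Contains(contentType, "text/html") {
+return fmt.Errorf("%w: received HTML instead of JSON (possible redirect to login page)", ErrUnauthorized)
+}
+
 respBody, err := io.ReadAll(resp.Body)
 if err != nil {
 return fmt.Errorf("failed to read response body: %w", err)
@@ -100,6 +112,19 @@ func (c *Client) call(ctx context.Context, method string, params interface{}, re
 c.logger.Debug("JSON-RPC response", "method", method, "body", string(respBody))
 }
 
+// Check if response body is HTML (backup check if Content-Type header is wrong/missing)
+if len(respBody) > 0 {
+trimmed := bytes.TrimLeft(respBody, " \t\n\r")
+if len(trimmed) > 0 && trimmed[0] == '<' {
+// Response is HTML, not JSON - extract a preview for debugging
+preview := string(respBody)
+if len(preview) > 200 {
+preview = preview[:200] + "..."
+}
+return fmt.Errorf("server returned HTML instead of JSON (possible auth error or server error): %s", preview)
+}
+}
+
 var rpcResp JSONRPCResponse
 if err := json.Unmarshal(respBody, &rpcResp); err != nil {
 return fmt.Errorf("failed to unmarshal response: %w", err)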
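Review bot: The 200-byte preview in the last hunk copies server-controlled bytes into the error text with `%s`, so newlines, control characters or markup from an error or login page land verbatim wherever this error is logged or displayed, and such pages can carry tokens or stack traces. Quoting the preview keeps it to one escaped line: `return fmt.Errorf("server returned HTML instead of JSON (possible auth error or server error): %q", preview)`. Building it from `trimmed` instead of `respBody` would keep leading whitespace out of the 200-byte budget; note that `preview[:200]` can also cut a multi-byte rune in half. This path returns a plain error while the Content-Type check in the previous hunk wraps `ErrUnauthorized`, so `errors.Is(err, ErrUnauthorized)` answers differently for the same HTML page depending on the header, and the commit message describes a check for a leading '{' while the code tests for '<'. The body of `call` starts and ends outside the visible hunks.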