lonix

Reputation: 20609

Suppress validation errors in ASP.NET Core's automatic 400 response

Although the automatic 400 response is useful, I don't want to send validation errors to the client.

This is the response body:

{
  "errors": {
    "username": [
      "'username' must not be empty."
    ],
    ...more errors
  },
  "title": "One or more validation errors occurred",
  "status": 400,
  "traceId": "xxx:yyy"
}

But what I want is the default, without the errors:

{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
  "title": "Bad Request",
  "status": 400,
  "traceId": "xxx:yyy"
}

I thought all I needed to do was set

options.SuppressUseValidationProblemDetailsForInvalidModelStateResponses = true;

...but that doesn't do anything.

I don't want to disable this feature, I just want to suppress validation errors. How do I do that?


BTW, I am using a workaround, by creating the response body manually, but I'd prefer to avoid this:

services.Configure<ApiBehaviorOptions>(apiBehaviorOptions => {
  apiBehaviorOptions.InvalidModelStateResponseFactory = actionContext => {
    var pd    = new ProblemDetails();
    pd.Type   = apiBehaviorOptions.ClientErrorMapping[400].Link;
    pd.Title  = apiBehaviorOptions.ClientErrorMapping[400].Title;
    pd.Status = 400;
    pd.Extensions.Add("traceId", actionContext.HttpContext.TraceIdentifier);
    return new BadRequestObjectResult(pd);
  };
});

Upvotes: 6

Views: 8518

Answers (2)

Murilo Maciel Curti

Reputation: 3121

The problem with ProblemDetails is that it is the default response for the StatusCodeResult with the StatusCode greater than or equal to 400. https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.statuscoderesult?view=aspnetcore-6.0

The following action generates a response with ProblemDetails if the status is greater than or equal to 400.

[HttpGet("raw/{status}")]
public IActionResult GetRawStatus(int status)
{
    return StatusCode(status);
}

To suppress the default ProblemDetails response body you can have an empty ObjectResult with the status.

The example below generates a response without ProblemDetails for any status code.

    [HttpGet("object/{status}")]
    public IActionResult GetObjectStatus(int status)
    {
        return new ObjectResult(null) { StatusCode = status };
    }

Upvotes: 1

Chris Pratt

Reputation: 239290

"Problem details" corresponds to RFC 7807, which is an attempt at standardizing the way HTTP APIs report errors. SuppressUseValidationProblemDetailsForInvalidModelStateResponses does not cover specifically the returning of the actual validation errors, just the standard bits discussed in the RFC.

The only way to do what you want is what you've already done, i.e. using a custom factory. It's not a hack or a workaround: that is the documented way to alter the automatic response.

That said, it makes absolutely zero sense to suppress the validation errors. The whole entire point is to inform the client about what mistakes were present in the request so that the client can correct those mistakes. Without that, you're just slamming the door, without any indication of what is wrong or how to fix it.

Upvotes: 6
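
The custom-factory approach from the question and the answer above, extended in an added example (not code from the original posts): the client gets the generic 400 body, while the suppressed validation errors are logged server-side under the same traceId so a failed request can still be diagnosed. It assumes ASP.NET Core 3.0 or later, where `ProblemDetailsFactory` is registered by `AddControllers()`; the class, method and logger category names are hypothetical.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Infrastructure;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Hypothetical helper; call it after AddControllers() so this factory
// replaces the framework's default one.
public static class QuietValidationExtensions
{
    public static IServiceCollection AddQuietValidationResponses(this IServiceCollection services)
    {
        services.Configure<ApiBehaviorOptions>(options =>
        {
            options.InvalidModelStateResponseFactory = context =>
            {
                var http = context.HttpContext;

                // Same type/title/status/traceId body the framework builds for a
                // bare 400, with no "errors" member.
                var pd = http.RequestServices
                    .GetRequiredService<ProblemDetailsFactory>()
                    .CreateProblemDetails(http, statusCode: 400);

                // Field names and messages only; attempted values are not logged.
                var failures = context.ModelState
                    .Where(e => e.Value.Errors.Count > 0)
                    .Select(e => e.Key + ": " +
                        string.Join("; ", e.Value.Errors.Select(x => x.ErrorMessage)));

                // Log under the same traceId the client receives.
                pd.Extensions.TryGetValue("traceId", out var traceId);
                http.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("ModelValidation") // hypothetical category name
                    .LogWarning("400 on {Path}, traceId {TraceId}: {Failures}",
                        http.Request.Path, traceId, string.Join(" | ", failures));

                return new BadRequestObjectResult(pd);
            };
        });
        return services;
    }
}
```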
