Skip to content

[LOW] Inconsistency: Divergent errors for empty payloads #2

Description

@codebyfernanda

Description

The API exhibits inconsistent behavior when receiving a request with an empty body {}. The returned status code depends on whether the route is public or private, which complicates error-handling standardization on the front-end.

Steps to Reproduce

  1. Send a POST request with an empty body {} (empty payload).
  2. Test it on a public route (e.g., POST /usuarios).
  3. Test it on a private route (e.g., POST /produtos or POST /carrinhos).

Expected Behavior

The API should consistently return a contract validation error status (400 Bad Request) across all routes whenever it receives an empty or malformed JSON body.

Actual Behavior

  • Public routes (such as /usuarios): The API correctly returns 400 Bad Request (content validation).
  • Private routes (such as /produtos and /carrinhos): The API returns 401 Unauthorized (authentication error), bypassing the content validation checks that should evaluate the payload format first.

Evidences

Image Image Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions