We have a tool when a user enters a project key and the tool fetches the project details from REST API
- If the user enters wrong project key, then API returns 404 with JSON error message:
"No project could be found with key 'WRONGKEY'.". That’s OK.
- We encode the project key, so if the user enters e.g.
WRONG%3FKEY, and the API returns 404:
"No project could be found with key 'WRONG?KEY'.". That’s perfect.
- However, for some characters, like
^|<>and some others, e.g.
WRONG%3CKEYthe API returns 400 with HTML error page. I think it’s a bug - API should return 404 with JSON error message, too. (It may have some connection to Java Tomcat
Note: workaround is not to allow user to enter such special characters, but I think better is when the REST API client does not need to be aware of the subset of characters the project key may contain.