Bad request for API get project when the project key has some special characters

We have a tool when a user enters a project key and the tool fetches the project details from REST API GET /rest/api/3/project/{projectIdOrKey}.

  • If the user enters wrong project key, then API returns 404 with JSON error message: "No project could be found with key 'WRONGKEY'.". That’s OK.
  • We encode the project key, so if the user enters e.g. WRONG?KEY we send WRONG%3FKEY, and the API returns 404: "No project could be found with key 'WRONG?KEY'.". That’s perfect.
  • However, for some characters, like ^|<> and some others, e.g. WRONG<KEYWRONG%3CKEY the API returns 400 with HTML error page. I think it’s a bug - API should return 404 with JSON error message, too. (It may have some connection to Java Tomcat relaxedPathChars ?)

Note: workaround is not to allow user to enter such special characters, but I think better is when the REST API client does not need to be aware of the subset of characters the project key may contain.

1 Like