Sending response sets invalid code when exception thrown.

I think I am missing something obvious here, but I am following http://www.yiiframework.com/doc-2.0/guide-rest-error-handling.html and in my config I have:




    'response' => [
        'class'  => 'yii\web\Response',
        //'format' => \yii\web\Response::FORMAT_JSON,
        'on beforeSend' => function ($event) {
            $response = $event->sender;
            //$response->formatters['html'] = 'yii\web\JsonResponseFormatter';
            $output   = Yii::$app->request->get('output');
            if (in_array($output, [$response::FORMAT_JSON, $response::FORMAT_JSONP, $response::FORMAT_XML])) {
                $response->format = $output;
            }
            $response->data = [
                'success' => $response->isSuccessful,
                'data'    => $response->data,
            ];
            $response->setStatusCode(200);
        },
    ],



And in my REST controller, I am using the yii\filters\auth\HttpBearerAuth as:




    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
            'class'  => 'yii\filters\auth\HttpBearerAuth',
            'except' => ['login', 'create'],
        ];
        return $behaviors;
    }



Now the thing is that if I access a URL that requires authentication, I get the response I expect:




    <response>
      <name>Unauthorized</name>
      <message>You are requesting with an invalid credential.</message>
      <code>0</code>
      <status>401</status>
      <type>yii\web\UnauthorizedHttpException</type>
    </response>



BUT the headers I get:




    HTTP/1.1 401 Unauthorized
    Date: Wed, 25 Mar 2015 13:39:37 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.6
    X-Powered-By: PHP/5.6.6
    Www-Authenticate: Bearer realm="api"
    Content-Length: 231
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: application/xml; charset=utf-8



So why do I get a 401 Unauthorized when I specified that I want a 200 code for all cases?

If I access a page that does not exist, I get back:




    <response>
      <success/>
      <data>
        <name>Error</name>
        <message>An internal server error occurred.</message>
        <exception>
          <NotFoundHttpException>
            <statusCode>404</statusCode>
            <xdebug_message>...</xdebug_message>
          </NotFoundHttpException>
        </exception>
      </data>
    </response>



And the headers:




    HTTP/1.1 200 OK
    Date: Wed, 25 Mar 2015 13:52:28 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.6
    X-Powered-By: PHP/5.6.6
    Content-Length: 4519
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: application/xml; charset=utf-8



So, what the heck is happening here, any idea?