Description
Contact Information
MaxKB Version
v1.10.x (latest Docker image)
Problem Description
When sending an HTTP request with a method not supported by an endpoint (e.g., POST to /admin/api/workspace/default/knowledge), the API returns {"code": 500} with message 方法 "POST" 不被允许。 instead of the standard HTTP 405 Method Not Allowed response. The HTTP status code is 200, but the internal code field is 500. According to REST API standards (RFC 7231), unsupported methods should return HTTP 405.
Steps to Reproduce
```bash
curl -s -X POST \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{"name":"test","desc":"test","type":"0"}' \
  http://localhost:8080/admin/api/workspace/default/knowledge
```
The expected correct result
HTTP 405 with response body:
```json
{"code": 405, "message": "Method Not Allowed", "data": null}
```
Related log output
Actual response (HTTP 200):
```json
{"code": 500, "message": "方法 \u201cPOST\u201d 不被允许。", "data": null}
```
Additional Information
Found via automated fuzz testing. 33+ different POST requests to this endpoint all produce the same code 500 response. This affects monitoring systems that rely on HTTP status codes to detect real server errors, as it produces false positives.
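An added example, not MaxKB code and not part of the original report: a small Python audit that flags responses whose HTTP status and JSON envelope `code` disagree, plus a builder for the 405 response the report expects. The function names and the allowed-method list (`GET`) are assumptions for illustration; the `Allow` header is included because RFC 7231 section 6.5.5 requires it on a 405.

```python
import json

def method_not_allowed(allowed_methods):
    """Build the response the report expects, as (status, headers, body)."""
    body = {"code": 405, "message": "Method Not Allowed", "data": None}
    headers = {
        # RFC 7231 section 6.5.5: a 405 must list the supported methods.
        "Allow": ", ".join(sorted(allowed_methods)),
        "Content-Type": "application/json",
    }
    return 405, headers, json.dumps(body)

def audit_response(status, headers, body):
    """Return findings where the HTTP status and the envelope disagree."""
    findings = []
    names = {k.lower() for k in headers}  # header names are case-insensitive
    try:
        envelope = json.loads(body)
    except (TypeError, ValueError):
        envelope = None
    code = envelope.get("code") if isinstance(envelope, dict) else None
    # An error reported on only one of the two channels misleads any
    # monitor or client that reads just the other one.
    if isinstance(code, int) and code != status and (code >= 400 or status >= 400):
        findings.append(f"envelope code {code} but HTTP status {status}")
    if status == 405 and "allow" not in names:
        findings.append("405 response without Allow header")
    return findings

# The actual response quoted in the report (HTTP 200, envelope code 500).
ACTUAL = (
    200,
    {"Content-Type": "application/json"},
    r'{"code": 500, "message": "方法 \u201cPOST\u201d 不被允许。", "data": null}',
)
# The expected response; the allowed-method list is assumed, not from the page.
EXPECTED = method_not_allowed(["GET"])

if __name__ == "__main__":
    print("actual:  ", audit_response(*ACTUAL))
    print("expected:", audit_response(*EXPECTED))
```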