Hi,
I have a reactive web application with a simple form that calls a server action for backend validation. I would like the HTTP response status code to be 400 (Bad Request) when the backend validation fails. However, no matter what I do—raising an exception or using the SetStatusCode server action from the HTTPRequestHandler Extension—the response always returns 200 OK.
The reason behind this is that our penetration tester is bypassing the frontend validation and directly calling the server action (which essentially behaves like an API in OutSystems). As a result, even when validation fails, the tester sees a 200 status code, which is confusing.
Is there a supported way to have these server actions return a non-200 status code for such scenarios?
Below are screenshots showing the logic and the result:
Client Action (on button click):
Server Action (validate entered name):
Result, still 200, even though validation did not pass.
Appreciate your assistance in this scenario, thank you.
Dear,
Kindly let me know if the below was your requirement.
Hi @Vignesh Sekar,
I was trying to test your solution regarding this, but I cannot find the SetStatus action in the dependency.
While I was trying to use the SetStatusCode action, it was not working as expected. As you see in the description, it is not compatible with reactive web or mobile applications. Can you provide more details?
Thanks in advance.
Dear,
I used an extension to do this; I have just published it in development mode: https://www.outsystems.com/forge/component-overview/21141/http-helper-o11
You can use this and let me know the status.
Thank you for sharing the Forge component. I was looking at the code. It will be nice if we can pass the description also as an input parameter instead of hardcoding it.
I agree. I uploaded it under development only, as I have a plan to update the component. I will update the full version once it's completed.
Thanks for the suggestion.
Hi Saud,
I'm not sure how you can change the status code to 400, but to prevent unauthorized users from performing your action, it’s a good practice to use the Check[RoleName]Role action. This can be found under the Roles folder in the Logic tab.
In your ValidateName server action, add the CheckRole action and an If widget. Set the condition to Check[RoleName]Role.HasRole, so that the action will only be executed if the user has the required role.
Hello Saud,
Use the server SetStatusCode on the Exception Handler flow after you raise the exception.
Best Regards
Hi Saud Alghamdi, add the status code action in the Exception Handler flow.