7 Replies Latest reply on Jan 13, 2015 5:26 PM by peter_raganitsch

    Body replaced when setting status_line

    peter_raganitsch

      This is about a special situation on a customer APEX system. Before we used mod_plsql, now we are on ORDS 2.0.9.

       

      The problematic part is a procedure inside a package called via URL, e.g. http://myschema.myprocedure.myfunction?param1=abc&param2=def

       

      This function tests the input parameters, especially if that combination is allowed. In case it is not allowed, it returns a HTTP status 401. This is done using:

      BEGIN
          ...
          IF not_authorized
          THEN
              OWA_UTIL.status_line
                ( nstatus => 401
                , creason => 'This combination of input parameters is unauthorized!'
                );
              HTP.P('This combination of input parameters is unauthorized!');
          ELSE
              ..
          END IF;
          ...
      END;
      
      

       

      Using mod_plsql this actually returned HTTP 401 and the string "This combination of input parameters is unauthorized!" in the body. Now, using ORDS we seem to get an error page, see here a curl response:

      HTTP/1.1 401 Unauthorized
      Date: Mon, 12 Jan 2015 17:22:13 GMT
      Server: Oracle-REST-Data-Services2.0.9.224.01.05
      X-DB-Content-length: 75
      Content-Type: text/html;charset=UTF-8
      Connection: close
      Transfer-Encoding: chunked
      
      <!DOCTYPE html>
      <!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
      <!--[if IE 7 ]>         <html class="ie7 no-css3"> <![endif]-->
      <!--[if IE 8 ]>         <html class="ie8 no-css3"> <![endif]-->
      <!--[if IE 9 ]>         <html class="ie9"> <![endif]-->
      <!--[if (gt IE 9)|!(IE)]><!-->
      <html>
      <!--<![endif]-->
      <html lang="en">
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
      <style type="text/css" media="screen">html,body,div,span,h3,p,ol,ul,li,header,hgroup{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}header,hgroup{display:block}body{font:normal 12px/16px Arial,sans-serif;margin:0 auto;background:#6a9cda}header#xHeader{border-bottom:1px solid #8fa4c0;position:relative;z-index:10;background:none #000}header#xHeader hgroup{width:974px;margin:0 auto;position:relative;height:36px;background:none #000}header#xHeader a#uLogo{margin:8px 0;display:inline-block;font:bold 14px/20px Arial,sans-serif;color:#AAA;text-decoration:none}header#xHeader a#uLogo span.logo{color:#F00}.no-css3 div#xContentContainer div.xContent{padding-top:14px}.no-css3 div#xContentContainer div.xContent div.xMainLeft h2{margin-top:0}div#xWhiteContentContainer{margin-bottom:30px}div#xWhiteContentContainer.xContentWide{background:#FFF;margin-bottom:0}div#xWhiteContentContainer.xContentWide div.xWhiteContent{-moz-border-radius:0;-webkit-border-radius:0;border-radius:0;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}div#xWhiteContentContainer div.xWhiteContent{width:974px;margin:0 auto;padding:0 0 20px 0;background:#FFF;min-height:500px;-moz-border-radius:0 4px 4px 4px;-webkit-border-radius:0 4px 4px 4px;border-radius:0 4px 4px 4px;-moz-box-shadow:0 1px 2px rgba(0,0,0,0.15);-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.15);box-shadow:0 1px 2px rgba(0,0,0,0.15)}div#xContentHeaderContainer{background:#6a9cda;-moz-box-shadow:0 -1px 0 rgba(0,0,0,0.15) inset;-webkit-box-shadow:0 -1px 0 rgba(0,0,0,0.15) inset;box-shadow:0 -1px 0 rgba(0,0,0,0.15) inset}div#xContentHeaderContainer div.xContentHeader{width:974px;margin:0 auto;padding:30px 0 32px 0;position:relative;min-height:60px}div#xContentHeaderContainer div.xContentHeader h3{font:bold 24px/24px Arial,sans-serif;color:#fff;text-shadow:0 2px 1px rgba(0,0,0,0.25);margin:0 0 20px 0}div#xFooterContainer{min-height:200px;border-top:1px solid rgba(0,0,0,0.15);background:#6a9cda}body.errorPage div#xContentHeaderContainer div.xContentHeader{min-height:30px}body.errorPage div#xContentHeaderContainer div.xContentHeader h3{font:bold 30px/30px Arial,sans-serif;color:#FFF;text-shadow:0 1px 2px rgba(0,0,0,0.25);margin:0}div.errorPage p{font:normal 14px/20px Arial,sans-seri;color:#666;padding:0 0 10px 0}div.errorPage ul{list-style:disc outside;padding:0 10px 0;margin:0 0 20px 0}div.errorPage ul li{font:normal 12px/16px Arial,sans-serif;color:#666;margin:0 0 8px 10px}pre{font-family:Consolas,"Lucida Console","Courier New",Courier,monospace}
      </style>
      <script type="text/javascript" charset="utf-8">
          'header hgroup'.replace(/\w+/g,
                  function(n) {
                      document.createElement(n)
                  })
      </script>
      <title>Unauthorized</title>
      </head>
      <body class="errorPage">
          <header id="xHeader">
              <hgroup>
                  <a id="uLogo" href="./"><span class="logo">ORACLE</span>
                      REST DATA SERVICES</a>
              </hgroup>
          </header>
          <div id="xContentHeaderContainer">
              <div class="xContentHeader">
                  <h3>
                      <span class="statusCode">401</span> - <span
                          class="statusMessage">Unauthorized</span>
                  </h3>
              </div>
          </div>
          <div id="xWhiteContentContainer" class="xContentWide">
              <div class="xWhiteContent">
                  <div class="errorPage">
                      <p>
                      <ul class="reasons">
                      </ul>
                      </p>
                      <p>
                      <pre></pre>
                      </p>
                      <p>
                      <pre></pre>
                      </p>
                  </div>
              </div>
          </div>
          <div id="xFooterContainer">
          </div>
      </body>
      </html>
      
      
      

       

      Any ideas how to prevent that auto generated error page and have my string in the body again?

       

      Regards,

      Peter

       

      Update: some additional Information.

       

      Above PL/SQL code snippet works as expected when used within a Restful WS (GET PLSQL). There it shows the body outputted with htp.p.

       

      It does NOT work correct when called as a procedure through URL.

       

      Any ideas??

       

      Message was edited by: peter_raganitsch