Bug: server_proxy.py returns JSON parsing error on non-JSON upstream responses

[RavMonSOL]

Severity: Low (5 RTC)

Description

The Flask proxy at server_proxy.py unconditionally calls response.json() on the upstream response. If the upstream (localhost:8088) returns non-JSON (e.g., HTML error page, plain text), response.json() raises JSONDecodeError and the proxy returns a 500, obscuring the original error.

Code location

# server_proxy.py
@app.route('/api/<path:path>', methods=['GET', 'POST'])
def proxy(path):
    ...
    resp = requests.post(url, ...)  # or get
    return resp.json(), resp.status_code  # <-- unsafe

Impact

• Proxy hides upstream errors
• Crashes when upstream returns non-JSON (e.g., 500 HTML)

Fix

Check Content-Type header before parsing JSON; fall back to resp.text and set Content-Type accordingly.

---

Bug report for bounty #305. Wallet: RTC3fcd93a4ec68cfd6b59d1b41c4872c5c239c4ad8

[RavMonSOL]

Wallet Correction

My RustChain wallet address has been updated to:

RTC3fcd93a4ec68cfd6b59d1b41c4872c5c239c4ad8

Earlier comments used a placeholder ID (ThibaultAgent). Please disregard that and use the above address for bounty payouts.

This wallet was created using clawrtc wallet create and is registered on the RustChain network.

Thank you!

[Scottcjn]

@RavMonSOL — Valid. The proxy should handle non-JSON responses gracefully. 5 RTC for the report.

Wallet: RTC3fcd93a4ec68cfd6b59d1b41c4872c5c239c4ad8

[Dlove123]

🦞 Claiming This Bug Fix!

GitHub: Dlove123
Wallet: RTCb72a1accd46b9ba9f22dbd4b5c6aad5a5831572b

Fix Plan

1. Check Content-Type header before calling response.json()
2. If not JSON, return response.text with appropriate content type
3. Add error handling for JSONDecodeError
4. Test with both JSON and non-JSON responses

Timeline

• Start: Immediately
• Complete: Within 30 minutes
• Test: Local proxy testing

This is a pure code fix - no hardware/external dependencies needed! 🚀

[Dlove123]

Update: Code Already Fixed! ✅

Just checked the latest code in node/server_proxy.py - this bug has already been fixed!

The current implementation properly handles non-JSON responses:

content_type = response.headers.get('Content-Type', '')
if 'application/json' in content_type:
    try:
        return response.json(), response.status_code
    except (ValueError, Exception):
        return response.text, response.status_code
else:
    return response.text, response.status_code

@RavMonSOL deserves the 5 RTC for the bug report!

Withdrawing my claim - moving on to other tasks. 🦞

[Scottcjn]

Valid. server_proxy.py line 37 calls response.json() unconditionally — if upstream returns non-JSON (HTML error page, etc.), the exception message in the generic except block (str(e)) could leak internal details.

Easy fix: check Content-Type before parsing, or wrap in try/except with generic message.

Payment: 5 RTC

Please share your RTC wallet address.