Invalid error status codes for method/path mismatch (always `403`)

Hi, I think is not good to always return `403` when the request method or path does not match the expected. Instead:
- when method does not match return `405`
- when path does not match return `404`
- when secret does not match return `403`

Always returning `403` confuses the client that there is something wrong with the credentials, auth or etc. When there is just an issue with method/path

https://github.com/telegraf/telegraf/blob/0638cf4cc7ba8467ccb9222726024c99c54d119f/src/telegraf.ts#L121-L131

https://github.com/telegraf/telegraf/blob/0638cf4cc7ba8467ccb9222726024c99c54d119f/src/core/network/webhook.ts#L21-L24

https://github.com/telegraf/telegraf/blob/0638cf4cc7ba8467ccb9222726024c99c54d119f/src/core/network/webhook.ts#L13-L17

	if (req.method === 'POST') {
	if (safeCompare(this.path, req.url as string)) {
	// no need to check if secret_token was not set
	if (!this.secretToken) return true
	else {
	const token = req.headers[TOKEN_HEADER] as string
	if (safeCompare(this.secretToken, token)) return true
	else debug('Secret token does not match:', token, this.secretToken)
	}
	} else debug('Path does not match:', req.url, this.path)
	} else debug('Unexpected request method, not POST. Received:', req.method)

	next = (): void => {
	res.statusCode = 403
	debug('Replying with status code', res.statusCode)
	res.end()
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Invalid error status codes for method/path mismatch (always `403`) #2065

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	if (!filter(req)) {
	debug('Webhook filter failed', req.method, req.url)
	return next()
	}

Invalid error status codes for method/path mismatch (always 403) #2065

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Invalid error status codes for method/path mismatch (always `403`) #2065