Creating MR notes via API returns 400 without any explanations

Summary

I am trying to create a note at a merge request using curl, and the only thing I receive is a 400 response without any body explaining what happens.

Steps to reproduce

curl -v --fail -d "test test" -H "Accept: application/json" -H "PRIVATE-TOKEN: <token>" "https://gitlab.com/api/v4/projects/22491900/merge_requests/249/notes"

I have tested with a project token from the respective project and a user token with all scopes.

Example Project

ID is in the reproduction case above

What is the current bug behavior?

❯ curl -v --fail -d "test test" -H "Accept: application/json" -H "PRIVATE-TOKEN: <token>" "https://gitlab.com/api/v4/projects/22491900/merge_requests/249/notes"
*   Trying 172.65.251.78:443...
* Connected to gitlab.com (172.65.251.78) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=gitlab.com
*  start date: Jan 21 00:00:00 2021 GMT
*  expire date: May 11 23:59:59 2021 GMT
*  subjectAltName: host "gitlab.com" matched cert's "gitlab.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5576ba014930)
> POST /api/v4/projects/22491900/merge_requests/249/notes HTTP/2
> Host: gitlab.com
> user-agent: curl/7.75.0
> accept: application/json
> private-token: <token>
> content-length: 9
> content-type: application/x-www-form-urlencoded
> 
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 400 
< date: Wed, 10 Mar 2021 20:34:56 GMT
< content-type: application/json
< content-length: 27
< set-cookie: __cfduid=d22bd62187fdd2905ff8bddd4ac0f9e0f1615408496; expires=Fri, 09-Apr-21 20:34:56 GMT; path=/; domain=.gitlab.com; HttpOnly; SameSite=Lax; Secure
< cache-control: no-cache
< vary: Origin
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-gitlab-feature-category: code_review
< x-request-id: 01F0EXJZJFRR37SBV8KCWV9HAC
< x-runtime: 0.026546
< ratelimit-observed: 4
< ratelimit-remaining: 1996
< ratelimit-reset: 1615408556
< ratelimit-resettime: Wed, 10 Mar 2021 20:35:56 GMT
< ratelimit-limit: 2000
< gitlab-lb: fe-11-lb-gprd
< gitlab-sv: localhost
< cf-cache-status: DYNAMIC
< cf-request-id: 08bf7295dd000032b23d949000000001
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 62df539c987632b2-CDG
* The requested URL returned error: 400
* stopped the pause stream!
* Connection #0 to host gitlab.com left intact
curl: (22) The requested URL returned error: 400

What is the expected correct behavior?

Either a successful creation of the comment or a JSON-encoded error message indicating my call error (which I don't see from the API docs at https://docs.gitlab.com/ee/api/notes.html).

Relevant logs and/or screenshots

above

Output of checks

This bug happens on GitLab.com

Possible fixes

at least a reasonable error message

Related to #324222 (closed) which is a follow-up to this MR.

Edited by Amy Qualls
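
Two things in the trace above explain the silent 400: `--fail` makes curl discard the response body on HTTP errors even though the server sent one (`content-length: 27`), and `-d "test test"` posts raw text without the `body` form field that the Notes API documents as required. The following shell function is an added example, not part of the original report; `post_mr_note`, `GITLAB_API` and `GITLAB_TOKEN` are assumed names. It sends the note as `body` and prints the API's error JSON when the call fails:

```shell
#!/bin/sh
# Added example, not from the issue. Assumptions: GITLAB_TOKEN is exported;
# post_mr_note and GITLAB_API are hypothetical names chosen here.

post_mr_note() {
    project_id=$1; mr_iid=$2; text=$3
    api=${GITLAB_API:-https://gitlab.com/api/v4}
    resp=$(mktemp) || return 2

    # No --fail: that option makes curl discard the response body on HTTP >= 400.
    # --write-out puts the status code on stdout, --output saves the JSON body.
    # The token header is fed through a config on stdin, so it stays out of
    # curl's argv (and out of the process list).
    # --data-urlencode sends the text as the form field "body", which the
    # Notes API requires.
    status=$(printf 'header = "PRIVATE-TOKEN: %s"\n' "$GITLAB_TOKEN" |
        curl --silent --show-error --config - \
            --header "Accept: application/json" \
            --data-urlencode "body=$text" \
            --output "$resp" --write-out '%{http_code}' \
            "$api/projects/$project_id/merge_requests/$mr_iid/notes") || {
        rc=$?; rm -f "$resp"; return "$rc"
    }

    case $status in
        2??) cat "$resp"; rm -f "$resp"; return 0 ;;
        *)   printf 'HTTP %s: ' "$status" >&2
             cat "$resp" >&2; echo >&2
             rm -f "$resp"; return 1 ;;
    esac
}

# Usage with the IDs from the report (token exported beforehand):
#   post_mr_note 22491900 249 "test test"
```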