response codes are not validated

[XSven]

I have a jenkins Open API specification. I am sending a Disable a job request

  '/job/{name}/disable':
    post:
      description: Disable a job
      operationId: postJobDisable
      parameters:
        - $ref: '#/components/parameters/jobName'
        - $ref: '#/components/parameters/crumb'
      responses:
        '200':
          description: Successfully disabled the job
        '401':
          $ref: '#/components/responses/unauthorized'
        '403':
          $ref: '#/components/responses/forbidden'
        '404':
          $ref: '#/components/responses/jobNotFound'
      security:
        - jenkins_auth: []
      tags:
        - remoteAccess

using the OpenAPI::Client (version 1.0.3) implementation. Although the jenkins response code is 302 which is not one of the specified response codes (200, 401, 403, 404), the client does not complain (dies) or at least warns the user.

[jhthorsen]

The client doesn't validate the response. It only validates the request. I'm expecting the server to not send "junk" back... Maybe we could add a "strict" attribute or something that also will validate the response code, but I'm not sure when I'll get around to look at that.

[XSven]

The server did not send junk!

The fact that I have missed is that the Mojo::UserAgent does not follow redirection requests automatically. I have turned it on

$client->ua->max_redirects( 1 );

and started another attempt. Now the status was 404. But the jenkins job was properly disabled. So why 404 instead of 200?

Now I have read this HTTP 302 and stumbled over this sentence

Many web browsers implemented this code in a manner that violated this standard, changing the request type of the new request to GET, regardless of the type employed in the original request (e.g. POST)

I have debugged Mojo::UserAgent using the environment variable MOJO_CLIENT_DEBUG and strike: Although the jenkins disable job request was a POST request the Mojo::UserAgent uses GET for the redirection attempt. If the Wiki article is right Mojo::UserAgent violates the 302 redirection standard.