Verify 401 responses are not tagged as errors (fixes #838) #849
Open
Adds a test endpoint returning 401 and a corresponding test that confirms Scout's Starlette/FastAPI middleware correctly tracks 401 Unauthorized responses without tagging them as errors. Only 5xx responses trigger the error tag, so a FastAPI OAuth2 empty bearer token rejection (which returns 401) is properly categorized as a client error, not a server error.

Closes #838

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
src/scout_apm/async_/starlette.py) and confirmed that Scout only tags responses as errors when 500 <= status <= 599 (line 60). Scout does not inspect Authorization headers or bearer tokens.

scout_apm package for any bearer/auth token handling — none exists. The only auth-related references are parameter name filtering in web_requests.py (redacting sensitive query params like token, auth_token, etc.) and reading scope["user"] from Starlette's AuthenticationMiddleware for username tagging.

test_return_unauthorized_not_tagged_as_error) that explicitly verifies a 401 Unauthorized response is tracked but not tagged as an error.

Conclusion: When a FastAPI OAuth2 dependency rejects an empty bearer token and returns 401, Scout correctly records the request without marking it as an error. No code changes to the middleware are needed — this PR adds a regression test to lock in the correct behavior.
Test plan
test_return_unauthorized_not_tagged_as_error test passes

Closes #838
🤖 Generated with Claude Code
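
The status rule the summary describes, as an added example (not Scout's middleware and not code from this PR): a minimal ASGI middleware that records every response status and sets an error flag only when `500 <= status <= 599`, run against a constructed app. `StatusTaggingMiddleware`, `demo_app`, `run_request` and the request paths are hypothetical names chosen for this sketch.

```python
import asyncio


def is_error_status(status):
    # Rule quoted in the PR summary: only 5xx responses count as errors.
    return 500 <= status <= 599


class StatusTaggingMiddleware:
    """Hypothetical ASGI middleware: appends one record per HTTP request to `sink`."""

    def __init__(self, app, sink):
        self.app = app
        self.sink = sink

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return
        record = {"path": scope["path"], "status": None, "error": False}

        async def wrapped_send(message):
            # The status is only visible in the response-start message.
            if message["type"] == "http.response.start":
                record["status"] = message["status"]
                record["error"] = is_error_status(message["status"])
            await send(message)

        try:
            await self.app(scope, receive, wrapped_send)
        finally:
            self.sink.append(record)  # the request is tracked whatever the status


async def demo_app(scope, receive, send):
    # Constructed app: 401 stands in for an OAuth2 dependency rejecting an empty token.
    status = {"/unauthorized": 401, "/crash": 500}.get(scope["path"], 200)
    headers = [(b"www-authenticate", b"Bearer")] if status == 401 else []
    await send({"type": "http.response.start", "status": status, "headers": headers})
    await send({"type": "http.response.body", "body": b""})


def run_request(path):
    """Drive one request through the middleware and return its record."""
    sink = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        pass  # discard the response; only the record matters here

    app = StatusTaggingMiddleware(demo_app, sink)
    asyncio.run(app({"type": "http", "path": path}, receive, send))
    return sink[0]
```

The 401 record keeps its status code, so authentication failures remain countable from the tracked requests even though they never appear under the error flag.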