[Bug] Internal server error on /verify #1085

New Issue

adam · 2025-12-29T02:28:11+01:00

adam commented

2025-12-29 02:28:11 +01:00

Originally created by @nblock on GitHub (Aug 14, 2025).

Is this a support request?

This is not a support request

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

An internal server error is displayed when non-JSON is sent to /verify.

Expected Behavior

Either respond with HTTP/400 BadRequest or HTTP/200 and {"Allow":false} when malformed request data is sent by a client.

Steps To Reproduce

Compile main, currently 30cec3aa

Send invalid requests with curl:

 curl $HEADSCALE_URL/verify -d ''
 curl $HEADSCALE_URL/verify -d 'a'
 curl $HEADSCALE_URL/verify -d '{'

Observe logs from Headscale

ERR http internal server error error="cannot parse derpAdmitClientRequest: unexpected end of JSON input" code=50
ERR http internal server error error="cannot parse derpAdmitClientRequest: invalid character 'a' looking for beginning of value" code=500
ERR http internal server error error="cannot parse derpAdmitClientRequest: unexpected end of JSON input" code=500

Environment

- OS:Debian 13
- Headscale version: main, 30cec3aa
- Tailscale version: -

Runtime environment

Headscale is behind a (reverse) proxy
Headscale runs in a container

Debug information

Originally created by @nblock on GitHub (Aug 14, 2025). ### Is this a support request? - [x] This is not a support request ### Is there an existing issue for this? - [x] I have searched the existing issues ### Current Behavior An internal server error is displayed when non-JSON is sent to `/verify`. ### Expected Behavior Either respond with HTTP/400 BadRequest or HTTP/200 and `{"Allow":false}` when malformed request data is sent by a client. ### Steps To Reproduce 1. Compile main, currently 30cec3aa 2. Send invalid requests with curl: ```console curl $HEADSCALE_URL/verify -d '' curl $HEADSCALE_URL/verify -d 'a' curl $HEADSCALE_URL/verify -d '{' ``` 3. Observe logs from Headscale ```console ERR http internal server error error="cannot parse derpAdmitClientRequest: unexpected end of JSON input" code=50 ERR http internal server error error="cannot parse derpAdmitClientRequest: invalid character 'a' looking for beginning of value" code=500 ERR http internal server error error="cannot parse derpAdmitClientRequest: unexpected end of JSON input" code=500 ``` ### Environment ```markdown - OS:Debian 13 - Headscale version: main, 30cec3aa - Tailscale version: - ``` ### Runtime environment - [ ] Headscale is behind a (reverse) proxy - [ ] Headscale runs in a container ### Debug information -

adam added the bug no-stale-bot labels 2025-12-29 02:28:11 +01:00

adam closed this issue

2025-12-29 02:28:11 +01:00

adam commented

2025-12-29 02:28:11 +01:00

@nblock commented on GitHub (Aug 14, 2025):

Sending valid JSON but with malformed values also triggers the error:

 curl $HEADSCALE_URL/verify --json '{"nodePublic": "nodekey:this-is-too-short", "source": "192.168.1.1"}'

Logs:

ERR http internal server error error="cannot parse derpAdmitClientRequest: key hex has the wrong size, got 17 want 64" code=500

@nblock commented on GitHub (Aug 14, 2025): Sending valid JSON but with malformed values also triggers the error: ```console curl $HEADSCALE_URL/verify --json '{"nodePublic": "nodekey:this-is-too-short", "source": "192.168.1.1"}' ``` Logs: ``` ERR http internal server error error="cannot parse derpAdmitClientRequest: key hex has the wrong size, got 17 want 64" code=500 ```

adam commented

2025-12-29 02:28:11 +01:00

@nblock commented on GitHub (Aug 18, 2025):

Fixed via 086fcad7d9

@nblock commented on GitHub (Aug 18, 2025): Fixed via 086fcad7d958e1f94b172e2dd25f89ccdc3e1955

adam referenced this issue

2025-12-29 02:32:02 +01:00

[PR #1086] [MERGED] update macos check template #1866

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#1085