diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js index ea06227c49..cd17ab5ba9 100644 --- a/spec/ParseFile.spec.js +++ b/spec/ParseFile.spec.js @@ -793,9 +793,9 @@ describe('Parse.File testing', () => { it('does not crash on file metadata request with invalid app ID', async () => { const res1 = await request({ url: `http://localhost:8378/1/files/invalid-id/metadata/invalid-file.txt`, - }); - expect(res1.status).toBe(200); - expect(res1.data).toEqual({}); + }).catch(e => e); + expect(res1.status).toBe(403); + expect(res1.data).toEqual({ error: 'Permission denied' }); // Ensure server did not crash const res2 = await request({ url: 'http://localhost:8378/1/health' }); expect(res2.status).toEqual(200); diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js index 300413d831..b51e8d066f 100644 --- a/src/Routers/FilesRouter.js +++ b/src/Routers/FilesRouter.js @@ -838,8 +838,9 @@ export class FilesRouter { try { const config = Config.get(req.params.appId); if (!config) { - res.status(200); - res.json({}); + const error = createSanitizedHttpError(403, 'Invalid application ID.', config); + res.status(error.status); + res.json({ error: error.message }); return; } FilesRouter._validateFileDownload(req, config);