Bad requests leak verbose logs

I just want to flag that certain malformed requests leak error messages that show more information about the API than they should. Nothing serious but I wanted to flag.

{
    "model": "sonar-pro",
  "messages": [
    {
      "role": "system",
      "content": "Provide clear, structured responses with an explanation and practical examples."
    },
    {
      "role": "user",
      "content": [
        {
            "type": "text",
            "text": "Could you tell me more about this image? "},
         {
            "type": "image_url",
            "content" : "https://upload.wikimedia.org/wikipedia/commons/thumb/4/46/Vincent_Willem_van_Gogh_127.jpg/1920px-Vincent_Willem_van_Gogh_127.jpg"
         }
         ]
    }
  ],
  "max_tokens": "125"
}

…leaks info on the Pydantic models for the types of accepted content and the expected fields.

{
    "error": {
        "message": "[\"At body -> messages -> 1 -> content -> str: Input should be a valid string\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentTextChunk -> type: Input should be 'text'\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentTextChunk -> text: Field required\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentImageChunk -> image_url: Field required\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentPDFChunk -> type: Input should be 'pdf_url'\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentPDFChunk -> pdf_url: Field required\"]",
        "type": "bad_request",
        "code": 400
    }
}

This request uses the syntax that’s in the regex structure output section of the API docs. The example with an r string is invalid when the request is made directly.

Edit: It was non-authenticated; when authenticated, it returns a json decode error at r"

{
    "model": "sonar-pro",
  "messages": [
    {
      "role": "system",
      "content": "Provide clear, structured responses with an explanation and practical examples."
    },
    {
      "role": "user",
      "content": [
        {
            "type": "text",
            "text": "Could you tell me more about this image? "},
      ]

    }
  ],
  "max_tokens": "125",
      "response_format": {
            "type": "regex",
        "regex": {"regex": r"(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"},
    },
}

and returns version info on the infrastructure (openresty, WAF).

<html>

<head>
    <title>401 Authorization Required</title>
</head>

<body>
    <center>
        <h1>401 Authorization Required</h1>
    </center>
    <hr>
    <center>openresty/1.25.3.1</center>
    <script>
        (function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'90717be099c1426b',t:'MTczNzczNzAyMS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
    </script>
</body>

</html>

Thanks for flagging! We’ll take this into account and see what we can do.