Using the download_endpoint plugin, files can be accessed via /attachments/eyJpZCI6ImFkdzlyeTM.... As far as I understand, eyJpZCI6ImFkdzlyeTM... is some base64 encoded data.

However, when a client calls the app with some invalid url like /attachments/dontwork, /attachments/dont%20work etc., Base64 or even JSON exceptions would happen, causing in the end a HTTP 500 response.

Expected behavior

Since it's the client's fault to provide the invalid url, response code should be in the 4xx range, e.g. 400 or 404.

Workaround

Similar to #145 (comment), you could wrap mount in a constraints block like

  constraints(AttachmentConstraint) do
    mount Shrine::DownloadEndpoint => "/attachments"
  end  

copy the code from UrlsafeSerialization into AttachmentConstraint, catch the exception, and prevent the route matching.
This doesn't look like a good solution.