3833 RE: [rest-discuss] 403 vs. 409

  • Julian Reschke
    Aug 2, 2003
      > From: David John Powell [mailto:djpowell@...]
      > Sent: Friday, August 01, 2003 10:30 AM
      > To: rest-discuss@yahoogroups.com
      > Subject: RE: [rest-discuss] 403 vs. 409
      >
      >
      > ...
      >
      > Well all 4xx codes indicate a problem with the request.
      > Have you got a specific example? Do you mean something like missing
      > required information from a POST request?
      >
      > I tend to use 400 for that sort of error, but I just checked, and 400
      > is explicitly for syntactic errors, rather than semantic ones. So I
      > guess that that isn't really right either. Is 400 intended only for
      > syntactic errors at the HTTP level such as illegal URIs, or would it
      > be allowed for syntactic errors at a higher level, such as if you
      > tried to PUT or POST a corrupt document, or referred to a badly formatted
      > identifier?

      RFC2616 says:

      "The request could not be understood by the server due to malformed syntax.
      The client SHOULD NOT repeat the request without modifications."

      So it seems that's perfectly OK to indicate syntax problems in the request
      body using 400.

      > 403 doesn't sound right to me, because I've always seen it as a kind
      > of "get lost" response for requests that have broken some sort of
      > out-of-band policy, such as for IP restricted sites, but I notice that
      > in the HTTP1.0 RFC, the description of 403 suggests that it can
      > be used when other status codes are inappropriate, but that is for
      > 1.0.

      "The server understood the request, but is refusing to fulfill it.
      Authorization will not help and the request SHOULD NOT be repeated. If the
      request method was not HEAD and the server wishes to make public why the
      request has not been fulfilled, it SHOULD describe the reason for the
      refusal in the entity. If the server does not wish to make this information
      available to the client, the status code 404 (Not Found) can be used
      instead."

      > WebDAV defines a "422 Unprocessable entity" status for semantic
      > problems with the XML request, and uses 400 if the XML request is not
      > properly formed. I don't see why WebDAV would be a special case here,
      > so that sounds wrong too.

      Could you please explain why you think this is wrong?

      > ...

      Julian

      --
      <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
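
The status-code split discussed in this message, as an added example that is not part of the original post or the thread: 400 for a body that is not well-formed XML, 422 for a well-formed body with semantic problems, and 403 for a request the server understands but refuses, with the reason returned for the response entity. The function name, paths, element names and required fields are hypothetical, and the sample bodies are constructed.

```python
import xml.etree.ElementTree as ET

# Hypothetical policy and document rules, chosen only for this illustration.
READ_ONLY_PATHS = {"/archive/2003"}
REQUIRED_FIELDS = ("title", "owner")


def classify_put(path, body):
    """Return (status, reason) for a PUT of an XML document to `path`."""
    # 403: the request is understood but refused by policy. Authorization
    # will not help, and the reason is returned for the response entity.
    # Checking policy first avoids parsing a body that will be refused anyway.
    if path in READ_ONLY_PATHS:
        return 403, "resource is read-only"

    # 400: the body is not well-formed XML (a syntactic problem).
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return 400, f"malformed XML: {exc}"

    # 422 (WebDAV): well-formed XML that is semantically unusable.
    if root.tag != "item":
        return 422, f"unexpected root element: {root.tag}"
    missing = [
        name for name in REQUIRED_FIELDS
        if not (root.findtext(name) or "").strip()
    ]
    if missing:
        return 422, "missing required fields: " + ", ".join(missing)

    return 204, "stored"


if __name__ == "__main__":
    # Constructed sample requests.
    good = "<item><title>a</title><owner>b</owner></item>"
    samples = [
        ("/items/1", good),
        ("/items/1", "<item><title>a</title>"),          # unclosed element
        ("/items/1", "<item><title>a</title></item>"),   # owner missing
        ("/archive/2003", good),                          # refused by policy
    ]
    for path, body in samples:
        print(path, classify_put(path, body))
```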