Loading ...
Sorry, an error occurred while loading the content.

3842Re: [rest-discuss] 403 vs. 409

Expand Messages
  • Alex Jacobson
    Aug 4, 2003
    • 0 Attachment
      Why isn't the correct response 415 (Unsupported Media Type)?

      Your application requires that the POST conform to a particular schema and
      that schema has been violated. 2616 does not say that the value of the
      content-type header is bad, but that the actual media-type is bad. XML DTD
      and schema have already moved a lot of media-type information outside of
      the content-type header. Isn't 415 the status code to use if the client is
      violating schema requirements?


      S. Alexander Jacobson i2x Media
      1-212-787-1914 voice 1-603-288-1280 fax

      --On Friday, August 01, 2003 4:07 PM -0400 Seairth Jacobs
      <seairth@...> wrote:

      > That's what I thought, except when I was working on Jot (my RESTful blog
      > system) someone (forgot who) said that 400 indicated a problem with HTTP
      > layer itself (e.g. "host" header missing in HTTP/1.1) and should not be
      > used for application-level errors. Currently, I am using 403, saying
      > that an invalid request entity (say, a non-well-formded XML document)
      > would be "forbidden". But the problem here is that the resource is what
      > defines whether the request entity is valid or not (even the
      > well-formedness of an XML document), so in *some* sense, a bad request
      > entity "conflicts" with the resource.
      > So, supposing that 409 was the correct response to use, then what is 403
      > for? About the only example I could come up with was one mirroring a
      > filesystem operation. Suppose you have a resource that is marked
      > "read-only". An attempt to PUT to that resource may be valid if it were
      > not read-only, but otherwise would return a 403. This is not a conflict,
      > necessarily (though I could see it rephrased that way), and therefore not
      > appropriate for a 409 response.
      > ---
      > Seairth Jacobs
      > seairth@...
      > From: "Mark Baker" <distobj@...>
      >> On Thu, Jul 31, 2003 at 09:11:23AM -0400, Seairth Jacobs wrote:
      >> > Suppose an application detects a problem with the request entity.
      > Should a
      >> > 403 (forbidden) or a 409 (conflict) be returned?
      >> I'd use 400. Neither 403 nor 409 seem relevant.
      > To unsubscribe from this group, send an email to:
      > rest-discuss-unsubscribe@yahoogroups.com
      > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
    • Show all 26 messages in this topic