Re: serf error handling for locks without authn

From: Greg Stein <gstein_at_gmail.com>
Date: Mon, 3 Jun 2013 19:10:54 -0400

On Mon, Jun 3, 2013 at 6:48 PM, Ben Reser <ben_at_reser.org> wrote:
> On Mon, Jun 3, 2013 at 3:31 PM, Greg Stein <gstein_at_gmail.com> wrote:
>...
>> Yeah. HTTP_CONFLICT should be correct, there.
>
> Well technically 401 is right but we have now way of filling in the
> proper WWW-Authenticate header. HTTP_CONFLICT doesn't sound
> particularly great either because that's supposed to be describing an
> issue with the state of the resource.

"This resource needs a username" or something like that :-)

> I'd argue that we should return a 500 range error since the problem
> here is that the server is not properly configured. There is really

Nah. 500 means there is nothing the client can do, which isn't quite
accurate. A client *could* go ahead and fill in an Authorization:
header. (tho I don't know if Apache will parse it, without a config
there)

> nothing a client can do to resolve the issue other than to
> authenticate, which our client is only going to do if the server is
> setup properly. So I'd vote for returning HTTP_INTERNAL_SERVER_ERROR.

"our client" won't do anything. Doesn't mean another one would.

500 is really for "holy crap. something failed, and I have NO IDEA
what is going on. so just go away" That isn't really true in this
case.

Cheers,
-g
Received on 2013-06-04 01:11:27 CEST

This message: [ Message body ]
Next message: Philip Martin: "Re: serf error handling for locks without authn"
Previous message: Ben Reser: "Re: serf error handling for locks without authn"
In reply to: Ben Reser: "Re: serf error handling for locks without authn"
Next in thread: Greg Stein: "Re: serf error handling for locks without authn"
Reply: Greg Stein: "Re: serf error handling for locks without authn"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]