On Mon, Jun 3, 2013 at 7:10 PM, Greg Stein <gstein_at_gmail.com> wrote:
> On Mon, Jun 3, 2013 at 6:48 PM, Ben Reser <ben_at_reser.org> wrote:
>...
>> I'd argue that we should return a 500 range error since the problem
>> here is that the server is not properly configured. There is really
>
> Nah. 500 means there is nothing the client can do, which isn't quite
> accurate. A client *could* go ahead and fill in an Authorization:
> header. (tho I don't know if Apache will parse it, without a config
> there)
>
>> nothing a client can do to resolve the issue other than to
>> authenticate, which our client is only going to do if the server is
>> setup properly. So I'd vote for returning HTTP_INTERNAL_SERVER_ERROR.
On IRC, Ben and I tossed this around. The short answer is "the server
is not configured to allow a LOCK operation." 501 (Not Implemented)
states it is an appropriate status when the server is unable to
support the request method.
We can also adjust the error string in append_locks() to something like:
"Anonymous lock creation is not allowed. The server configuration
will not allow a LOCK."
That points to the configuration problem. And the 501 is pretty darned
close to what we want.
As Ben noted on IRC, a 4xx response implies the client got something
wrong. The root problem is on the server, and that implies a 5xx
response.
Cheers,
-g
Received on 2013-06-04 01:24:24 CEST