- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 23 Apr 2013 13:08:16 +1000
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: ietf-http-wg@w3.org

On 21/04/2013, at 12:32 PM, Amos Jeffries <squid3@treenet.co.nz> wrote:

> On 20/04/2013 9:14 p.m., Mark Nottingham wrote:
>> Several status codes are defined in terms of indicating the server's intent, without specifying what kind of server it is.
>>
>> I believe there are several that we can make more specific without too much controversy. Specifically,
>>
>> 406 Not Acceptable
>> 409 Conflict
>
> Note: Squid uses 409 Conflict to signal CVE-2009-0801 validation mismatch between DNS, TCP and HTTP state as reason for messages being rejected. It is a client-end error and more expressive of the semantic problem than 400 or 500.

Er, that *really* isn't what 409 means; it's a conflict in the state of the *resource*. 400 and a body / header is probably best for that.

>> 500 Internal Service Error
>
> Disagree strongly with 500. It is intentionally the generic "server" error to be sent by any server for edge case internal errors.

OK, I'll buy that.

>> can, I think, all be specified as being from the origin server.
>>
>> And, if we are still OK with 403 Forbidden being generated by both origins and intermediaries, it may be helpful to explicitly state that.
>
> Agreed on that.

OK, it sounds like the outcome here is to note that 403 can be generated by intermediaries, at the most. Let's just make it an editorial suggestion.

Cheers,

--
Mark Nottingham http://www.mnot.net/

Received on Tuesday, 23 April 2013 03:08:44 UTC