- From: Robert Inder <inder@etl.go.jp>
- Date: Tue, 16 Mar 1999 03:26:57 GMT
- To: http-wg@hplb.hpl.hp.com

I have been reading the HTTP/1.1 spec (rev. 6, 18th Nov, expires May 18, 1999). I have a question. I suspect that the answer should be obvious, but since it isn't, and since I think it ought to be a common question, maybe some wording somewhere could be clarified.

My question concerns the appropriate response code to use when rejecting a request as incomplete or otherwise unacceptable. For instance, if the user submits a form without supplying a value for a necessary field (say an email address), or with an inappropriate value (say a non-existent file type). The server process detects this and wants to reply to say that it has rejected the request. What code should be used in the HTTP header?

Typically, I suspect a CGI application will use "200 OK", even though the body of the message then says "I can't do that because....". However, Section 10.2.1 says that "200 OK" means the request has succeeded, which it hasn't....

It seems that a "4xx" code would be right. But which one? Based on Section 10.4, it seems to me that "403 Forbidden" is the right answer. But I am not confident of this. I associate "403" with "Permission denied" messages, and I've never noticed anyone using it to tell me I've forgotten to specify my email address.... But looking at 10.4.4, it seems it is actually very general, and applies in this case: the server *has* understood the request, and is refusing to carry it out.

If 403 is the right response, could I suggest adding a sentence to 10.4.4 something along the lines of "This code is appropriate when a server rejects an incomplete or incoherent request, such as from an incorrectly filled form".

If 403 isn't right, could someone tell me what is (and why): I've thought about, and rejected, "400 Bad Request", "406 Not Acceptable" and "409 Conflict"....

Robert.

Received on Tuesday, 23 March 1999 15:42:01 UTC