Re: Additional HTTP Status Codes - "Request Too Onerous"

Why isn't a 403 Forbidden appropriate here? In particular, the first two
sentences of the status code's definition seems to cover this case
exactly. A server could include the "request too onerous" information in
the response entity, as well as, for example, describing acceptable

10.4.4. 403 Forbidden
"The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated. If the
request method was not HEAD and the server wishes to make public why the
request has not been fulfilled, it SHOULD describe the reason for the
refusal in the entity. If the server does not wish to make this
information available to the client, the status code 404 (Not Found) can
be used instead."

Jon Moore
Comcast Interactive Media

On 11/9/11 6:22 PM, "Alexander Dutton" <>

>Hash: SHA1
>On 09/11/11 16:19, Sam Johnston wrote:
>> Is it the client's fault for making onerous requests though, or
>> the server's for being unable or unwilling to satisfy them? I'm
>> more inclined to think that this is a server (5xx) issue.
>As Andy Seaborne points out in a post to another mailing listę÷, RFC
>2616 says that 5xx codes "indicate cases in which the server is aware
>that it has erred or is incapable of performing the request". Hence, a
>5xx code would seem to fit (unless one differentiates between
>"incapable" and "unwilling").
>Still, I'm not sure; it's equally easy to say argue that the client is
>being unreasonable in its demands.
>ę÷ <>
>Version: GnuPG v1.4.11 (GNU/Linux)
>Comment: Using GnuPG with Mozilla -


Received on Thursday, 10 November 2011 15:14:35 UTC