Re: p2: scope for status codes from Mark Nottingham on 2013-04-23 (ietf-http-wg@w3.org from April to June 2013)

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 24 Apr 2013 08:20:41 +1000
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: ietf-http-wg@w3.org
Message-Id: <AE9F321A-915A-4416-ADD9-14F003B96524@mnot.net>

On 23/04/2013, at 11:15 PM, Amos Jeffries <squid3@treenet.co.nz> wrote:

> On 23/04/2013 3:08 p.m., Mark Nottingham wrote:
>> On 21/04/2013, at 12:32 PM, Amos Jeffries wrote:
>> 
>>> On 20/04/2013 9:14 p.m., Mark Nottingham wrote:
>>>> Several status codes are defined in terms of indicating the server's intent, without specifying what kind of server it is.
>>>> 
>>>> I believe there are several that we can make more specific without too much controversy. Specifically,
>>>> 
>>>>   406 Not Acceptable
>>>>   409 Conflict
>>> Note: Squid uses 409 Conflict to signal CVE-2009-0801 validation mismatch between DNS, TCP and HTTP state as reason for messages being rejected. It is a client-end error and more expressive of the semantic problem than 400 or 500.
>> Er, that *really* isn't what 409 means; it's a conflict in the state of the *resource*.
> 
> I think it fits. Resource O is being fetched. The information available indicates that it is *only* available on server A, B , C. Yet the client is fetching a copy from server Z.
> "These droids^W^Wresource is not the one you seek."

You're confusing a problem with the message (it has conflicting semantics) and the 409 status code's use case -- again, it's about the resource. See <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#status.409>.


>> 400 and a body / header is probably best for that.
>> 
>> 
>>>>   500 Internal Service Error
>>> Disagree strongly with 500. It is intentionally the generic "server" error to be sent by any server for edge case internal errors.
>> OK, I'll buy that.
>> 
>> 
>>>> can, I think, all be specified as being from the origin server.
>>>> 
>>>> And, if we are still OK with 403 Forbidden being generated by both origins and intermediaries, it may be helpful to explicitly state that.
>>> Agreed on that.
>> OK, it sounds like the outcome here is to note that 403 can be generated by intermediaries, at the most. Let's just make it an editorial suggestion.
> 
> ... and what you had in mind for 406 status.


Yes.

--
Mark Nottingham   http://www.mnot.net/

Received on Tuesday, 23 April 2013 22:21:08 UTC