Re: Generic semantics for the 400 status code
Mark Nottingham <mnot@mnot.net> Fri, 15 July 2011 13:57 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E3F421F8783 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Jul 2011 06:57:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.622
X-Spam-Level:
X-Spam-Status: No, score=-9.622 tagged_above=-999 required=5 tests=[AWL=0.977, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id npGE8viWAAAR for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Jul 2011 06:57:00 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 84F5C21F8741 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 Jul 2011 06:57:00 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Qhisc-00039o-By for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Jul 2011 13:56:34 +0000
Received: from aji.keio.w3.org ([133.27.228.206]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <mnot@mnot.net>) id 1QhisS-00036q-Qn for ietf-http-wg@listhub.w3.org; Fri, 15 Jul 2011 13:56:25 +0000
Received: from mxout-08.mxes.net ([216.86.168.183]) by aji.keio.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1QhisO-0008Or-1J for ietf-http-wg@w3.org; Fri, 15 Jul 2011 13:56:23 +0000
Received: from chancetrain-lm.mnot.net (unknown [118.209.98.127]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id A896250A6A; Fri, 15 Jul 2011 09:55:49 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <20110715135133.GC27520@1wt.eu>
Date: Fri, 15 Jul 2011 23:55:45 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9A48A81A-5F2B-4834-9423-1139DDFA1E6F@mnot.net>
References: <E7DE53B9-C374-4C9B-81D2-1F35BFCC174F@mnot.net> <20110715135133.GC27520@1wt.eu>
To: Willy Tarreau <w@1wt.eu>
X-Mailer: Apple Mail (2.1084)
Received-SPF: pass client-ip=216.86.168.183; envelope-from=mnot@mnot.net; helo=mxout-08.mxes.net
X-W3C-Hub-Spam-Status: No, score=-1.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: aji.keio.w3.org 1QhisO-0008Or-1J 8f4db60b2d677682e14933a5afe246ab
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Generic semantics for the 400 status code
Archived-At: <http://www.w3.org/mid/9A48A81A-5F2B-4834-9423-1139DDFA1E6F@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/10949
X-Loop: ietf-http-wg@w3.org
Sender: ietf-http-wg-request@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1Qhisc-00039o-By@frink.w3.org>
Resent-Date: Fri, 15 Jul 2011 13:56:34 +0000
Hi Willy, On 15/07/2011, at 11:51 PM, Willy Tarreau wrote: > Hi Mark, > > On Fri, Jul 15, 2011 at 10:53:09PM +1000, Mark Nottingham wrote: >> When people have error states that don't cleanly fit into an existing status code, they're often encouraged to use 400 or 500, depending on whether the client or server were at fault, as they're the most "generic" status codes. >> >> 500's definition fits this: >> >>> 8.5.1. 500 Internal Server Error >>> >>> The server encountered an unexpected condition which prevented it >>> from fulfilling the request. >> >> However, 400 is much more specific: >> >>> 8.4.1. 400 Bad Request >>> >>> The request could not be understood by the server due to malformed >>> syntax. The client SHOULD NOT repeat the request without >>> modifications. >> >> I think the 400 definition needs to be broadened, so that people don't invent their own status codes, or misuse existing ones. >> >> E.g., >> >> """ >> The server can or will not process the request, due to a client error (e.g., malformed syntax). >> """ >> >> Additionally, I think we should move the caution against retrying the request to the general 4xx section (8.4)*. >> >> Background: >> http://docs.openstack.org/cactus/openstack-compute/developer/openstack-compute-api-1.1/content/Synchronous_Faults-d1e1729.html#comment-213643851 >> >> Thoughts? > > I have mixed opinions on this point. > > On the one hand, yes we said a server could use 503 + Retry-After for rate > shaping when it's overloaded. However in my opinion this is irrelevant to > the client and it might return that to any request during the overload > period. If the server is refusing to serve a client which is abusing, a 4xx > seems more appropriate, since the cause is this specific client, but I don't > see any existing one which fits the purpose. > > I have a principle of always ensuring that a client cannot cause a server > to emit 5xx codes if the server is working correctly. This is important > for someone like me who spends a lot of time staring at gigs of logs, > because when you spot a 5xx, it means something is going wrong with the > server. The only exception I found to this was 501. > > So my understanding has always been this : > - if the request is rejected because of the client, 4xx > - if the request is rejected regardless of the client, 5xx > > The difference is important when intermediaries look at return codes. > Some might want to reduce connection pools to the server when they see > 5xx. Some will declare a server down or failing when they see 5xx. > > Anyway, in the discussion at the link above, I'm not even sure the user > needs to get a Retry-After : if the client is abusing its contract, then > we don't necessarily want to see him reconnect ASAP when the abuse is > over. Still it can make sense to define one 4xx for client abuse. So, do you support the proposal I made? Note that this doesn't preclude minting a new status code if that's the right thing to do. -- Mark Nottingham http://www.mnot.net/
- Generic semantics for the 400 status code Mark Nottingham
- Re: Generic semantics for the 400 status code Willy Tarreau
- Re: Generic semantics for the 400 status code Mark Nottingham
- Re: Generic semantics for the 400 status code Willy Tarreau
- #303: Generic semantics for the 400 status code (… Mark Nottingham
- Re: #303: Generic semantics for the 400 status co… Mark Nottingham
- Re: #303: Generic semantics for the 400 status co… Julian Reschke
- #302, was: #303: Generic semantics for the 400 st… Julian Reschke
- Re: #302, was: #303: Generic semantics for the 40… Mark Nottingham
- Re: #302, was: #303: Generic semantics for the 40… Julian Reschke
- #303: Generic semantics for the 400 status code (… Julian Reschke
- Re: #303: Generic semantics for the 400 status co… Mark Nottingham