Re: HTTP status code for "response too large"

Julian Reschke <> Wed, 18 April 2012 11:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 116B121F8594 for <>; Wed, 18 Apr 2012 04:59:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.767
X-Spam-Status: No, score=-6.767 tagged_above=-999 required=5 tests=[AWL=3.832, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PW3Orh7u9a8n for <>; Wed, 18 Apr 2012 04:59:47 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 7D3B521F855F for <>; Wed, 18 Apr 2012 04:59:47 -0700 (PDT)
Received: from lists by with local (Exim 4.69) (envelope-from <>) id 1SKTWG-0001Z9-Fd for; Wed, 18 Apr 2012 11:57:56 +0000
Received: from ([]) by with esmtp (Exim 4.69) (envelope-from <>) id 1SKTW7-0001YC-Tz for; Wed, 18 Apr 2012 11:57:47 +0000
Received: from ([]) by with smtp (Exim 4.72) (envelope-from <>) id 1SKTW1-0007d4-I4 for; Wed, 18 Apr 2012 11:57:45 +0000
Received: (qmail invoked by alias); 18 Apr 2012 11:57:14 -0000
Received: from (EHLO []) [] by (mp029) with SMTP; 18 Apr 2012 13:57:14 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1/4cbVkQe74tTAt6OsD9U0aRZO/uoyTOfhx7ENvHT LJQE9Xq1irLFYR
Message-ID: <>
Date: Wed, 18 Apr 2012 13:57:14 +0200
From: Julian Reschke <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: Andreas Maier <>
CC: Mark Nottingham <>, IETF HTTP WG <>, Thomas Narten <>
References: <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-1.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001
X-W3C-Scan-Sig: 1SKTW1-0007d4-I4 f568cc183b9f72936510672082a755ce
Subject: Re: HTTP status code for "response too large"
Archived-At: <>
X-Mailing-List: <> archive/latest/13453
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>
Resent-Message-Id: <>
Resent-Date: Wed, 18 Apr 2012 11:57:56 +0000

On 2012-04-18 13:41, Andreas Maier wrote:
> Hi Mark,
> I am working for IBM in the DMTF standards org. We are defining a RESTful
> protocol for CIM based directly on HTTP ("CIM-RS"), and we want to be as
> truthfully RESTful and HTTP compliant as possible.
> We want to support an "expand" query parameter that causes references to
> resources in the result to be expanded to the resources that they
> reference. One of the error situations in this context is that the
> expansion can lead to a result that is too large to handle for the server
> (e.g. in cases of high mutiplicities on CIM associations). The recovery for
> this situation is that the client specifies less expansions in the first
> request issues subsequent requests for separate expansion (one per
> reference, which can then be paged into multiple responses in case of high
> multiplicities).
> So it is not the typical server-side recovery, where the client waits for
> less load on the server or the server admin needs to add more resources to
> the server. The recovery attempt can be immediately decided upon by the
> client without any change in server configuration or workload.
> We'd like to have a HTTP status code that allows the client to detect this
> situation so it can recover from it. In order to make it easy for the
> client, I think that should not be a use of status code 500, but its own
> status code. I checked all status codes on the IANA HTTP status code
> registry and found no one that matched this situation. But I found that the
> HTTP WG is working on an RFC for additional HTTP status codes that is
> currently in draft :-)

a) It's not the HTTP WG, and b) it has been approved already.

> So my questions to you and the WG are:
>     - Do you have a recommendation on how to handle this situation?
>     - How is your view on the idea to add an HTTP status code for "response
>     too large"?
> ...

First of all, it's not really a server error; it's the client request 
that needs to change; thus I believe it should be a 4xx.

Also, WebDAV (RFC 4918) has a similar case where servers may choose not 
to honor too complex PROPFIND requests. In this case, the server just 
sends a 403 Forbidden, and the response body contain sufficient 
additional information for a protocol-aware client to understand what 
happened. Maybe that would be an alternative.

Best regards, Julian