IETF Logo Mail Archive

Re: [OAUTH-WG] Returning HTTP 200 on Error for JSONP

Brian Eaton <beaton@google.com> Wed, 18 August 2010 06:29 UTC

Return-Path: <beaton@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 46B783A68BB for <oauth@core3.amsl.com>; Tue, 17 Aug 2010 23:29:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.139
X-Spam-Level:
X-Spam-Status: No, score=-104.139 tagged_above=-999 required=5 tests=[AWL=1.838, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2t7gW0XYs8Nd for <oauth@core3.amsl.com>; Tue, 17 Aug 2010 23:29:47 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id D57243A67E1 for <oauth@ietf.org>; Tue, 17 Aug 2010 23:29:46 -0700 (PDT)
Received: from wpaz5.hot.corp.google.com (wpaz5.hot.corp.google.com [172.24.198.69]) by smtp-out.google.com with ESMTP id o7I5w0ip002736 for <oauth@ietf.org>; Tue, 17 Aug 2010 22:58:01 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1282111081; bh=4UAjwcr7/wR1/ceCz2X7Gy3dFHw=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=a0tS2DQTMiF+pKxRO95SE81T0eLxW1HP5QWUwuf8jvWa2CLBxhEknH8q696cw69vO oR7tPk6rrlaShSPAB5aKQ==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:date:message-id:subject:from:to: cc:content-type:x-system-of-record; b=EU6VGsfz/9JCUe5fSWmzkobI4/hAKVfWh8BXb5M7kB6GY2TRGF43IkryI1x73RERi Zrj9q1Fpfe5WaPW6uofDQ==
Received: from pvc30 (pvc30.prod.google.com [10.241.209.158]) by wpaz5.hot.corp.google.com with ESMTP id o7I5vxFb030721 for <oauth@ietf.org>; Tue, 17 Aug 2010 22:57:59 -0700
Received: by pvc30 with SMTP id 30so110864pvc.28 for <oauth@ietf.org>; Tue, 17 Aug 2010 22:57:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.211.5 with SMTP id j5mr6665824wfg.261.1282111078875; Tue, 17 Aug 2010 22:57:58 -0700 (PDT)
Received: by 10.142.170.17 with HTTP; Tue, 17 Aug 2010 22:57:58 -0700 (PDT)
In-Reply-To: <AANLkTi=vGVVzzaQ8AP+bN=YU6_EXavc_M9Xr-sFLvL76@mail.gmail.com>
References: <1643FCF1-841F-41FF-B8A8-43269320CFA8@facebook.com> <D2742806-9180-4A5B-98D5-BFD68AF74EEA@facebook.com> <AANLkTikvz1FNvHN0W4TYyUn=0Nq_At2c+x793XTdwyLm@mail.gmail.com> <AANLkTinBqMvmKuoUq7Fy7XmJue5VEFYcw7qoca=0cWFs@mail.gmail.com> <4C69B719.3060303@lodderstedt.net> <DFB12E92-0E4D-46C2-8103-C74BAE6F65F9@facebook.com> <4C6A25F7.8060301@lodderstedt.net> <AANLkTinHehcMCsmxJt0hvLbLrLC5ERrjG38GDxaAMsiZ@mail.gmail.com> <241FE353-C52A-4505-8620-DEE9CF9F940E@lodderstedt.net> <FC1E2149-F8FF-4010-AAB8-273F8E2DC498@facebook.com> <AANLkTinz4r3AwTva1fu0okobC70Ht1gZei5wjN2eQW3H@mail.gmail.com> <AANLkTinSCrXs1LaLY1ByNFi_Ec9WOr2ETQdpRXYfm+ra@mail.gmail.com> <AANLkTinriRSq9_z4M-Brr59pyhJQm8aGaMnh6dsmmjqH@mail.gmail.com> <AANLkTi=vGVVzzaQ8AP+bN=YU6_EXavc_M9Xr-sFLvL76@mail.gmail.com>
Date: Tue, 17 Aug 2010 22:57:58 -0700
Message-ID: <AANLkTikRQdRMwA0HQTrZHpt+tqwVM_MoUNyDWS83i-rq@mail.gmail.com>
From: Brian Eaton <beaton@google.com>
To: John Panzer <jpanzer@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-System-Of-Record: true
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Returning HTTP 200 on Error for JSONP
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2010 06:29:48 -0000

On Tue, Aug 17, 2010 at 7:33 PM, John Panzer <jpanzer@google.com> wrote:
> Is there any legit reason other than jsonp specifically?

Protected resource authors are slack and are not going to read the
spec.  That might not be a great reason, but it's not a bad one
either.

The other reason people get funny with these status codes has to do
with browser behavior.  Sometimes browsers react in funny ways to
funny HTTP status codes.  To be on the safe side, developers tend to
return an HTTP 200 with whatever they want the user to see.

The last reason is that servers fail, and instead of returning the
error they meant to return they serve up a bit of static HTML that
says, more or less, "Whoa.  That sucked."

v2.30.2 | Report a Bug | By Email | System Status