At the moment ActionController verification returns "200 OK" if verfication has failed, unless the developer specified redirect_to. This status code doesn't seem appropriate, the request failed after all. I think "412 Precondition Failed" would be more appropriate, because one essentially specifies a list of preconditions. Any thoughts on this?
At the moment ActionController verification returns "200 OK" if verfication has failed, unless the developer specified redirect_to. This status code doesn't seem appropriate, the request failed after all. I think "412 Precondition Failed" would be more appropriate, because one essentially specifies a list of preconditions. Any thoughts on this?
Wouldn't that trigger the IE 'friendly error page'?
At the moment ActionController verification returns "200 OK" if verfication has failed, unless the developer specified redirect_to. This status code doesn't seem appropriate, the request failed after all. I think "412 Precondition Failed" would be more appropriate, because one essentially specifies a list of preconditions. Any thoughts on this?
Wouldn't that trigger the IE 'friendly error page'?
The IE 'friendly error pages' usually occur when the HTML message-body is smaller than a specific number of bytes. I think the 412 error code is excluded from this, but many 4xx and 5xx status codes aren't:
Jeromeweb - Web / SEO et Business
To get around this problem I've seen systems that pad HTML message-bodies with spaces or null characters to either 256 or 512 bytes depending on the status code.
The IE 'friendly error pages' usually occur when the HTML message-body is smaller than a specific number of bytes. I think the 412 error code is excluded from this, but many 4xx and 5xx status codes aren't:
Jeromeweb - Web / SEO et Business
To get around this problem I've seen systems that pad HTML message- bodies with spaces or null characters to either 256 or 512 bytes depending on the status code.
I'm not a huge user of verification, I prefer explicit filters, but if someone who is feels like implementing this and testing in IE to see if it triggers 'friendly errors', seems like this is worth a look.
Hongli Lai wrote:
At the moment ActionController verification returns "200 OK" if verfication has failed, unless the developer specified redirect_to. This status code doesn't seem appropriate, the request failed after all. I think "412 Precondition Failed" would be more appropriate, because one essentially specifies a list of preconditions. Any thoughts on this?
412 Precondition Failed
The precondition given in one or more of the request-header fields
evaluated to false when it was tested on the server. This response
code allows the client to place preconditions on the current resource
metainformation (header field data) and thus prevent the requested
method from being applied to a resource other than the one intended.
This refers to conditional headers like If-None-Match and If-Unmodified-Since, none of which are checked here.
Except for method verification which should be 405 (Method Not Allowed), I think the best status code would be 403 (Forbidden, not to be confused with 401, Unauthorized):
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated.
Assaf
