Should ActionController verification return "412 Precondition Failed"?

At the moment ActionController verification returns "200 OK" if
verfication has failed, unless the developer specified redirect_to.
This status code doesn't seem appropriate, the request failed after
all. I think "412 Precondition Failed" would be more appropriate,
because one essentially specifies a list of preconditions. Any
thoughts on this?

At the moment ActionController verification returns "200 OK" if
verfication has failed, unless the developer specified redirect_to.
This status code doesn't seem appropriate, the request failed after
all. I think "412 Precondition Failed" would be more appropriate,
because one essentially specifies a list of preconditions. Any
thoughts on this?

Wouldn't that trigger the IE 'friendly error page'?

At the moment ActionController verification returns "200 OK" if
verfication has failed, unless the developer specified redirect_to.
This status code doesn't seem appropriate, the request failed after
all. I think "412 Precondition Failed" would be more appropriate,
because one essentially specifies a list of preconditions. Any
thoughts on this?

Wouldn't that trigger the IE 'friendly error page'?

The IE 'friendly error pages' usually occur when the HTML message-body is smaller than
a specific number of bytes. I think the 412 error code is excluded from this, but
many 4xx and 5xx status codes aren't:

   http://www.404-error-page.com/404-error-page-too-short-problem-microsoft-ie.shtml

To get around this problem I've seen systems that pad HTML message-bodies with spaces
or null characters to either 256 or 512 bytes depending on the status code.

The IE 'friendly error pages' usually occur when the HTML message-body
is smaller than
a specific number of bytes. I think the 412 error code is excluded
from this, but
many 4xx and 5xx status codes aren't:

   http://www.404-error-page.com/404-error-page-too-short-problem-microsoft-ie.shtml

To get around this problem I've seen systems that pad HTML message-
bodies with spaces
or null characters to either 256 or 512 bytes depending on the status
code.

I'm not a huge user of verification, I prefer explicit filters, but if
someone who is feels like implementing this and testing in IE to see
if it triggers 'friendly errors', seems like this is worth a look.

Hongli Lai wrote:

At the moment ActionController verification returns "200 OK" if
verfication has failed, unless the developer specified redirect_to.
This status code doesn't seem appropriate, the request failed after
all. I think "412 Precondition Failed" would be more appropriate,
because one essentially specifies a list of preconditions. Any
thoughts on this?

412 Precondition Failed


   The precondition given in one or more of the request-header fields
evaluated to false when it was tested on the server. This response
code allows the client to place preconditions on the current resource
metainformation (header field data) and thus prevent the requested
method from being applied to a resource other than the one intended.
This refers to conditional headers like If-None-Match and If-Unmodified-Since, none of which are checked here.
Except for method verification which should be 405 (Method Not Allowed), I think the best status code would be 403 (Forbidden, not to be confused with 401, Unauthorized):
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated.
Assaf