Here is my request URL:
http://server.com/app/user/getuser/?userId=9999
Note that userId is query parameter. Not embedded path parameter.
I understand that if the request URL is: http://server.com/app/user/getuser/9999 and the ID 9999 does not exist in database, The code 404 should be used.
BUT what HTTP status should be used for the case userId is query parameter? Right now I am returning 400 instead of 404.
I would use 404 Not Found.
Why?
The RFC 7231 defines a 400 Bad Request response like this:
The 400 (Bad Request) status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
...since your request is valid and you are just trying to access a resource that does not exist, I think a 404 Not Found status is more suitable. RFC 7231 defines its meaning like this:
The 404 (Not Found) status code indicates that the origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
In my opinion, if the "user" is the resource, a better way to expose that resource is to use a URL like this: http://server.com/app/user/9999
Query parameters are best for searching a dataset, where an empty answer is still valid (200).
But, if you can't change the URL, 404 in this case is a valid option.
Related
The restangular docs states that the API with CORS error fails with a status code of 0, but mine is failing with -1.
From the docs:
This is typically caused by Cross Origin Request policy. In order to enable cross domain communication and get correct response with appropriate status codes, you must have the CORS headers attached, even in error responses. If the server does not attach the CORS headers to the response then the XHR object won't parse it, thus the XHR object won't have any response body, status or any other response data inside which typically will cause your request to fail with status code 0.
I have looked into similar questions on SO, but couldn't find anything related to this.
I'm having trouble getting the HTTP status code from a empty response that is empty. status code is required to show the corresponding message that happened.
I Tried everything but couldn't get the http status code from the response. Does anyone have an idea ?
I believe this server is broken. I don't think there's a circumstance where POST can result in a 304 Not Modified response.
Usually 304 Not Modified is in response to a GET or HEAD request, when If-Match or If-Modified-Since is used.
However, if those headers are used for other HTTP requests (such as POST), the correct response is 412 Precondition Failed.
You usually never see a 304, because when it's used correctly (with GET), the browser will still not expose the 304, but instead it will give you a 200 and a response that's served directly from cache.
So in short, my best guess is that you can't, because your server doesn't conform with HTTP all assumptions are kind of out of the window.
A Promise that will be resolved (request success) or rejected (request failure) with a response object.
The response object has these properties:
data – {string|Object} – The response body transformed with the transform functions.
status – {number} – HTTP status code of the response.
headers – {function([headerName])} – Header getter function.
config – {Object} – The configuration object that was used to generate the request.
statusText – {string} – HTTP status text of the response.
xhrStatus – {string} – Status of the XMLHttpRequest (complete, error, timeout or abort).
So in your case you can add second parameter as status to get status code
In postman I want to create a GET request that returns a 302 status code (along with a Location response header). I have been trying to replicate the original request from the browser inspector, but I always get a 200 response (and no Location response header).
How can I get the desired response with the Location response header?
Please try to turn off automatical redirects (File->Settings: General Tab):
What is probably happening is that Postman receives a 302 status code, but is configured to redirect in this case, so it automatically redirects after which Postman receives a 200 status code, which is what you end up seeing.
Apparently turning off "automatically follow redirects" should offer you a solution.
https://learning.getpostman.com/docs/postman/launching_postman/settings/
View postman request when redirects
this is a similar question to this post in SO.But the answer provided here cannot be applied in my case as i cannot change the response headers from server.
Suppose an http POST to a different origin. This implies CORS, including a CORS preflight exchange. Now suppose the OPTIONS request returns a 503 service unavailable error due to a server problem. In this case the error handler gives ""for data and 0 for status instead of giving me the status code 503 and the text:service not available. An example of this scenario is illustrated in the below image.
I am using angularjs $http and i know in the response there are no CORS header if such errors happen.and i cannot change it.
Is there any way i can receive the proper error code and the text in my rejection object.
This is not an issue of AngularJS / $http but it is the behavior of the browsers and their XMLHttpRequest object: If the CORS request fails, the browser does not give any information back to the caller.
Before I got this understanding, I also though it to be an AngularJS issue and I raised an open issue on github of Angular -> with the corresponding comment.
https://github.com/angular/angular.js/issues/13085#issuecomment-148047721
So I think there seems no other way to solve this as to add the Access-Control-Allow-Origin response header also on the proxy / load balancer in case of 503.
Edit:
If your load balancer is a HAproxy, the following may help you too:
HAproxy: different 503 errorfile for OPTIONS and POST methods
It shows how to let HAproxy anwer the CORS requests autonomous.
My web application uses ajax and i check request is ajax request or not via php codes. If not then i generate 404 error otherwise run php codes that associated ajax function.
If user or search spider tries to reach ajax function page(ex: /books/ajax/books_list) web app return 404 not found status code and i see a lot of 404 errors in google webmaster tools.
I should change 404 status code but which one is right for this condition ? Can be "406 not acceptable" ?
I think 403 (Forbidden) probably best describes it. The resource is there, but you've determined that you're not going to give access to that resource, and even authenticating the user isn't going to help.
I would suggest that you return the 406 you suggested. The only alternatives worth considering are '501 not implemented'
The server does not support the functionality required to fulfill the request.
This is the appropriate response when the server does not recognize the request
method and is not capable of supporting it for any resource
And '403 Forbidden'
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated.
If the request method was not HEAD and the server wishes to make
public why the request has not been fulfilled, it SHOULD describe
the reason for the refusal in the entity. If the server does not
wish to make this information available to the client, the status
code 404 (Not Found) can be used instead.
Not sure how you determine whether it's a proper Ajax request. If you expect it to be POST, but the spider uses GET, then it should be 405 (Method Not Allowed).
You should not be using 406: it means "not acceptable", in the sense that you cannot support the HTTP Accept: headers that the browser sent. This would likely be incorrect (as you likely aren't checking the Accept headers at all).
If you really reject the request because it comes from an unauthorized client, then 403 is appropriate.
It's my understanding that SE spiders get a little skittish if they see errors that indicate server problems. (A 406 can indicate a badly implemented server.) A 404 doesn't describe what you're looking for, as the resource is there, but a 403 (forbidden) just lets the spider know that this page isn't for them. You can also use your robots.txt file.