Should ActionController verification return "412 Precondition Failed"?

176 views
Skip to first unread message

Hongli Lai

unread,
Oct 29, 2007, 5:50:05 AM10/29/07
to Ruby on Rails: Core
At the moment ActionController verification returns "200 OK" if
verfication has failed, unless the developer specified redirect_to.
This status code doesn't seem appropriate, the request failed after
all. I think "412 Precondition Failed" would be more appropriate,
because one essentially specifies a list of preconditions. Any
thoughts on this?

Michael Koziarski

unread,
Oct 29, 2007, 4:44:53 PM10/29/07
to rubyonra...@googlegroups.com

Wouldn't that trigger the IE 'friendly error page'?
--
Cheers

Koz

Dan Kubb

unread,
Oct 29, 2007, 5:13:41 PM10/29/07
to rubyonra...@googlegroups.com

The IE 'friendly error pages' usually occur when the HTML message-body
is smaller than
a specific number of bytes. I think the 412 error code is excluded
from this, but
many 4xx and 5xx status codes aren't:

http://www.404-error-page.com/404-error-page-too-short-problem-microsoft-ie.shtml

To get around this problem I've seen systems that pad HTML message-
bodies with spaces
or null characters to either 256 or 512 bytes depending on the status
code.

--

Thanks,

Dan
__________________________________________________________________

Dan Kubb
Autopilot Marketing Inc.

Email: dan....@autopilotmarketing.com
Phone: 1 (604) 820-0212
Web: http://autopilotmarketing.com/
__________________________________________________________________

Michael Koziarski

unread,
Oct 29, 2007, 8:46:13 PM10/29/07
to rubyonra...@googlegroups.com
> The IE 'friendly error pages' usually occur when the HTML message-body
> is smaller than
> a specific number of bytes. I think the 412 error code is excluded
> from this, but
> many 4xx and 5xx status codes aren't:
>
> http://www.404-error-page.com/404-error-page-too-short-problem-microsoft-ie.shtml
>
> To get around this problem I've seen systems that pad HTML message-
> bodies with spaces
> or null characters to either 256 or 512 bytes depending on the status
> code.

I'm not a huge user of verification, I prefer explicit filters, but if
someone who is feels like implementing this and testing in IE to see
if it triggers 'friendly errors', seems like this is worth a look.

--
Cheers

Koz

Assaf Arkin

unread,
Oct 30, 2007, 10:08:20 PM10/30/07
to rubyonra...@googlegroups.com
412 Precondition Failed
   The precondition given in one or more of the request-header fields
   evaluated to false when it was tested on the server. This response
   code allows the client to place preconditions on the current resource
   metainformation (header field data) and thus prevent the requested
   method from being applied to a resource other than the one intended.

This refers to conditional headers like If-None-Match and If-Unmodified-Since, none of which are checked here.

Except for method verification which should be 405 (Method Not Allowed), I think the best status code would be 403 (Forbidden, not to be confused with 401, Unauthorized):

   The server understood the request, but is refusing to fulfill it.
   Authorization will not help and the request SHOULD NOT be repeated.

Assaf
Reply all
Reply to author
Forward
0 new messages