couchdb-dev mailing list archives

From "Curt Arnold (JIRA)" <j...@apache.org>
Subject [jira] Commented: (COUCHDB-484) validate_doc_update returns an HTTP 500 if validation fails
Date Mon, 04 Jan 2010 02:48:56 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12796067#action_12796067 ]

Curt Arnold commented on COUCHDB-484:
-------------------------------------

I have no recollection of seeing "throw({forbidden:"message"})" or anything similar in the
wiki documentation at the time that I logged the bug.  I don't know if this is an issue of
CouchDB evolving and addressing this issue independently or if the code was there but undocumented.

http://wiki.apache.org/couchdb/Security_Features_Overview doesn't describe using forbidden:
or unauthorized: to control the HTTP status code.  books.couchdb.org does describe the use,
but I don't think it was published at the time the bug was filed.


> validate_doc_update returns an HTTP 500 if validation fails
> -----------------------------------------------------------
>
>                 Key: COUCHDB-484
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-484
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 0.9.1
>            Reporter: Curt Arnold
>         Attachments: validate_update.patch
>
>
> If a validate_doc_update method throws an exception to indicate that the proposed update
> is unacceptable, the http interface will return a 500 status code which indicates that the
> server is behaving unexpectedly.  However, this situation is an error on the client side and
> should return a 4xx.  To me, looks like 403 would be the appropriate status code.  From http://www.ietf.org/rfc/rfc2616.txt:
> 10.4.4 403 Forbidden
>    The server understood the request, but is refusing to fulfill it.
>    Authorization will not help and the request SHOULD NOT be repeated.
>    If the request method was not HEAD and the server wishes to make
>    public why the request has not been fulfilled, it SHOULD describe the
>    reason for the refusal in the entity.  If the server does not wish to
>    make this information available to the client, the status code 404
>    (Not Found) can be used instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
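
The convention discussed in this comment, shown as an added example that is not part of the original message or of CouchDB's own code: a validation function that throws `{unauthorized: ...}` for a 401 or `{forbidden: ...}` for a 403. The document fields `type` and `author` and the `simulateStatus` harness are assumptions made for illustration.

```javascript
// validate_doc_update as it would appear in a design document.
// The "type" and "author" fields are constructed for this example.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  // No authenticated user: {unauthorized: ...} is answered with 401.
  if (!userCtx || !userCtx.name) {
    throw({ unauthorized: "Please log in before writing documents." });
  }
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1;

  // Deletions carry only _deleted, so check ownership against oldDoc.
  if (newDoc._deleted) {
    if (!isAdmin && oldDoc && oldDoc.author !== userCtx.name) {
      throw({ forbidden: "Only the author may delete this document." });
    }
    return;
  }
  // Rejected content: {forbidden: ...} is answered with 403.
  if (typeof newDoc.type !== "string") {
    throw({ forbidden: "Documents must have a string 'type' field." });
  }
  if (!isAdmin && newDoc.author !== userCtx.name) {
    throw({ forbidden: "The 'author' field must match the logged-in user." });
  }
  if (!isAdmin && oldDoc && oldDoc.author !== newDoc.author) {
    throw({ forbidden: "The 'author' field cannot be changed." });
  }
}

// Hypothetical harness (not CouchDB code): mimics how the thrown object
// selects the HTTP status, so the function can be exercised offline.
function simulateStatus(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return 201;
  } catch (e) {
    if (e && typeof e === "object" && "forbidden" in e) return 403;
    if (e && typeof e === "object" && "unauthorized" in e) return 401;
    // Any other exception: treated here as 500, the behaviour the
    // bug report describes for an untyped throw.
    return 500;
  }
}
```

A defect inside the validation function itself (for example a `userCtx` without `roles`) falls into the last branch, which keeps genuine server-side faults distinguishable from rejected client input.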

