subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <>
Subject Re: serf error handling for locks without authn
Date Mon, 03 Jun 2013 23:10:54 GMT
On Mon, Jun 3, 2013 at 6:48 PM, Ben Reser <> wrote:
> On Mon, Jun 3, 2013 at 3:31 PM, Greg Stein <> wrote:
>> Yeah. HTTP_CONFLICT should be correct, there.
> Well technically 401 is right but we have now way of filling in the
> proper WWW-Authenticate header.  HTTP_CONFLICT doesn't sound
> particularly great either because that's supposed to be describing an
> issue with the state of the resource.

"This resource needs a username" or something like that :-)

> I'd argue that we should return a 500 range error since the problem
> here is that the server is not properly configured.  There is really

Nah. 500 means there is nothing the client can do, which isn't quite
accurate. A client *could* go ahead and fill in an Authorization:
header. (tho I don't know if Apache will parse it, without a config

> nothing a client can do to resolve the issue other than to
> authenticate, which our client is only going to do if the server is
> setup properly.  So I'd vote for returning HTTP_INTERNAL_SERVER_ERROR.

"our client" won't do anything. Doesn't mean another one would.

500 is really for "holy crap. something failed, and I have NO IDEA
what is going on. so just go away" That isn't really true in this


View raw message