subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <>
Subject Re: serf error handling for locks without authn
Date Mon, 03 Jun 2013 23:23:54 GMT
On Mon, Jun 3, 2013 at 7:10 PM, Greg Stein <> wrote:
> On Mon, Jun 3, 2013 at 6:48 PM, Ben Reser <> wrote:
>> I'd argue that we should return a 500 range error since the problem
>> here is that the server is not properly configured.  There is really
> Nah. 500 means there is nothing the client can do, which isn't quite
> accurate. A client *could* go ahead and fill in an Authorization:
> header. (tho I don't know if Apache will parse it, without a config
> there)
>> nothing a client can do to resolve the issue other than to
>> authenticate, which our client is only going to do if the server is
>> setup properly.  So I'd vote for returning HTTP_INTERNAL_SERVER_ERROR.

On IRC, Ben and I tossed this around. The short answer is "the server
is not configured to allow a LOCK operation." 501 (Not Implemented)
states it is an appropriate status when the server is unable to
support the request method.

We can also adjust the error string in append_locks() to something like:
  "Anonymous lock creation is not allowed. The server configuration
will not allow a LOCK."

That points to the configuration problem. And the 501 is pretty darned
close to what we want.

As Ben noted on IRC, a 4xx response implies the client got something
wrong. The root problem is on the server, and that implies a 5xx


View raw message