Malcolm Tredinnick wrote: > On Fri, 2006-09-22 at 15:28 +0200, Gábor Farkas wrote: > [...] >> in this case, technically the user should not be able to have the url >> without the querystring, except if he is playing with the url :) >> >> i mean "what is the most standard-conformant and correct response"? >> >> http-404 certainly not imho. > > 404 is not unreasonable. "Resource not found" is certainly an acceptable > response here, since there was no resource to find. It's also reasonable > to use 404 for "nothing here" when you don't want to give the reason (as > per the RFC). > >> http-500 seems also wrong, because there was no unexpected error in the >> server. > > Your server didn't have an error. So, no. > >> http-400 bad request maybe? > > I would use 403 (forbidden) or 404. Note that, as per the RFC, 403 > responses indicate that authorization will not help and the request > should not be repeated unchanged. You can even put something like "quit > screwing around with the query string" -- or other message -- in the > body if you like (for a 403). >
and again i learned something... somehow i always assumed that 403 is tied to http-authentication, but now, (after this email, and reading (again) the rfc), i see that it does not "depend" on authorization at all, in fact, it's saying it will not help. interesting. thanks, gabor --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
