[geeklog-devel] Why the 403 code after spam detected? IIS7 doesn't like it
Dirk Haun
dirk at haun-online.de
Tue Oct 27 18:30:27 EDT 2009
Tom wrote:
>Is there any reason we should be generating this 403 error here?
Yes: It's proper HTTP.
The client sent a POST request and the server denies to fullfill it. In
which case we should tell the client why, by sending the 403 (machine-
readable) and the actual error message as the content (human-readable).
A 200 status code would be wrong here, since the POST request was not handled.
>This
>doesn't play nice with IIS7 which by default returns a custom summary error
>page.
I guess as long as it still indicates that a 403 happened, that would be
okay (need to check with the RFC). Still, I have to wonder why they
chose to do that.
> COM_displayMessageAndAbort ($result, 'spamx');
That would send a 200 status code which, as mentioned above, would be wrong.
Does IIS do the same for other error codes (from the 400 or 500 range)?
There may be one or two other status codes that we could use here if
it's only a problem with the 403.
bye, Dirk
--
http://www.geeklog.net/
http://geeklog.info/
More information about the geeklog-devel
mailing list