[ https://issues.apache.org/jira/browse/COUCHDB-484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12796067#action_12796067 ]

Curt Arnold commented on COUCHDB-484:
-------------------------------------

I have no recollection of seeing "throw({forbidden:"message"})" or anything 
similar in the wiki documentation at the time that I logged the bug.  I don't 
know if this is an issue of CouchDB evolving and addressing this issue 
independently or if the code was there but undocumented.

http://wiki.apache.org/couchdb/Security_Features_Overview doesn't describe 
using forbidden: or unauthorized: to control the HTTP status code.  
books.couchdb.org does describe the use, but I don't think it was published at 
the time the bug was filed.


> validate_doc_update returns an HTTP 500 if validation fails
> -----------------------------------------------------------
>
>                 Key: COUCHDB-484
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-484
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 0.9.1
>            Reporter: Curt Arnold
>         Attachments: validate_update.patch
>
>
> If a validate_doc_update method throws an exception to indicate that the 
> proposed update is unacceptable, the http interface will return a 500 status 
> code which indicates that the server is behaving unexpectedly.  However, this 
> situation is an error on the client side and should return a 4xx.  To me, 
> it looks like 403 would be the appropriate status code.  From 
> http://www.ietf.org/rfc/rfc2616.txt:
> 10.4.4 403 Forbidden
>    The server understood the request, but is refusing to fulfill it.
>    Authorization will not help and the request SHOULD NOT be repeated.
>    If the request method was not HEAD and the server wishes to make
>    public why the request has not been fulfilled, it SHOULD describe the
>    reason for the refusal in the entity.  If the server does not wish to
>    make this information available to the client, the status code 404
>    (Not Found) can be used instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
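
The `forbidden:` / `unauthorized:` convention mentioned in the comment, as an added example that is not part of the original thread and not CouchDB's own code. The document fields (`type`, `author`), the validation rules, and the `statusForUpdate` helper that stands in for the server's mapping of thrown values to HTTP status codes are assumptions made for illustration.

```javascript
// Validation function in the style a design document would carry.
// Field names and rules are assumptions for this example.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  if (!userCtx.name) {
    // Caller is not authenticated: logging in could help, so 401.
    throw({ unauthorized: "Please log in before writing." });
  }
  if (newDoc._deleted) return; // deletions are not checked further here
  if (typeof newDoc.type !== "string") {
    // Request understood but refused: 403.
    throw({ forbidden: "Documents must have a string 'type' field." });
  }
  if (oldDoc && oldDoc.author !== newDoc.author) {
    throw({ forbidden: "The 'author' field cannot be changed." });
  }
}

// A validator that signals rejection with a plain exception instead.
// Nothing tells the server this is a client error, so it surfaces as a 500.
function naive_validate(newDoc, oldDoc, userCtx) {
  if (typeof newDoc.type !== "string") throw new Error("type is required");
}

// Hypothetical stand-in for the HTTP layer: maps what the validator threw
// to the status code and error body a client would see.
function statusForUpdate(validate, newDoc, oldDoc, userCtx) {
  try {
    validate(newDoc, oldDoc, userCtx);
    return { status: 201 };
  } catch (e) {
    const isObj = e !== null && typeof e === "object";
    if (isObj && "forbidden" in e) {
      return { status: 403, error: "forbidden", reason: e.forbidden };
    }
    if (isObj && "unauthorized" in e) {
      return { status: 401, error: "unauthorized", reason: e.unauthorized };
    }
    return { status: 500, error: "unknown_error", reason: String(e) };
  }
}

// Constructed sample contexts.
const alice = { name: "alice", roles: [] };
const anonymous = { name: null, roles: [] };
```
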
