Alexander Rojas created MESOS-4448:
--------------------------------------
Summary: When returning HTTP code 403 a description should be given
Key: MESOS-4448
URL: https://issues.apache.org/jira/browse/MESOS-4448
Project: Mesos
Issue Type: Bug
Components: general
Affects Versions: 0.26.0
Reporter: Alexander Rojas
Priority: Trivial
According to the HTTP specification in [RFC-2616 Section
10.4.4|http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4]:
{quote}
If the request method was not HEAD and the server wishes to make public why the
request has not been fulfilled, it SHOULD describe the reason for the refusal
in the entity. If the server does not wish to make this information available
to the client, the status code 404 (Not Found) can be used instead.
{quote}
The definition of SHOULD in [RFC-2119|https://www.ietf.org/rfc/rfc2119.txt]
states:
{quote}
This word, or the adjective "RECOMMENDED", mean that there may exist valid
reasons in particular circumstances to ignore a particular item, but the full
implications must be understood and carefully weighed before choosing a
different course.
{quote}
That means that either each instance of returning {{http::Forbidden}} needs to
add a message in the body, or return 404 instead. If none of these apply, it
should be good to at least add a comment on why no body was added to the reply.
The places in need of an update are:
{noformat}
src/master/http.cpp
789: return Forbidden();
880: return Forbidden();
1209: return Forbidden();
1854: return Forbidden();
2482: return Forbidden();
src/master/quota_handler.cpp
344: return Forbidden();
453: return Forbidden();
{noformat}
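One way to audit C++ source for the three cases the issue distinguishes (403 with a body, body-less 403 with an explanatory comment, bare body-less 403), as an added example that is not Mesos code. The sample source is constructed, and treating a comment on the same or the preceding line as the justification is an assumption of this sketch.

```python
import re

# `return Forbidden(` with optional namespace qualifiers (e.g. process::http::).
CALL = re.compile(r"\breturn\s+(?:\w+::)*Forbidden\s*\(")
# Directly after the `(`: closing paren and semicolon, i.e. no body argument.
EMPTY = re.compile(r"\s*\)\s*;(.*)")

# Constructed C++ sample; the handler and its conditions are hypothetical.
SAMPLE = """\
Future<Response> handler(const Request& request)
{
  if (!authenticated) {
    return Forbidden();
  }
  if (!authorized) {
    return Forbidden("Principal is not authorized for this role");
  }
  if (hidden) {
    // No body on purpose: do not disclose why access was refused.
    return Forbidden();
  }
  return process::http::Forbidden();  // Empty by design.
}
"""

def is_comment(line):
    # Heuristic: line comment, or first/continuation line of a block comment.
    return line.strip().startswith(("//", "/*", "*"))

def audit_forbidden(source):
    """Return (line_no, verdict) per 403 return: 'body', 'commented' or 'bare'."""
    findings = []
    lines = source.splitlines()
    for i, line in enumerate(lines):
        call = None if is_comment(line) else CALL.search(line)
        if call is None:
            continue
        empty = EMPTY.match(line, call.end())
        if empty is None:
            verdict = "body"  # an argument follows the opening parenthesis
        else:
            prev = next((l for l in reversed(lines[:i]) if l.strip()), "")
            trailing = empty.group(1)
            explained = "//" in trailing or "/*" in trailing or is_comment(prev)
            verdict = "commented" if explained else "bare"
        findings.append((i + 1, verdict))
    return findings

if __name__ == "__main__":
    for line_no, verdict in audit_forbidden(SAMPLE):
        print(f"{line_no}: {verdict}")
```

Only the `bare` findings need attention under the issue's criteria; a `commented` finding still deserves a human read, since the script cannot tell whether the comment actually explains the missing body.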