[
https://issues.apache.org/jira/browse/MESOS-5637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15338012#comment-15338012
]
Till Toenshoff edited comment on MESOS-5637 at 6/18/16 5:10 PM:
----------------------------------------------------------------
I am proposing to consistently go with 503 without further reasoning for security
reasons and then an error message logged to aid operators.
was (Author: tillt):
I am proposing to consistently go with 503 + error message.
> Authorized endpoint results are inconsistent for failures.
> ----------------------------------------------------------
>
> Key: MESOS-5637
> URL: https://issues.apache.org/jira/browse/MESOS-5637
> Project: Mesos
> Issue Type: Bug
> Components: master, modules
> Affects Versions: 1.0.0
> Reporter: Till Toenshoff
> Assignee: Till Toenshoff
> Labels: authorization, mesosphere, security
>
> When trying to access authorized endpoints, the resulting HTTP status codes
> are not consistent for internal authorizer failures (failed future returned
> by {{authorized}}).
> {{/flags}}:
> {noformat}
> HTTP/1.1 503 Service Unavailable
> Date: Fri, 17 Jun 2016 23:11:04 GMT
> Content-Length: 0
> {noformat}
> {{/state}}:
> {noformat}
> HTTP/1.1 500 Internal Server Error
> Date: Fri, 17 Jun 2016 23:08:49 GMT
> Content-Type: text/plain; charset=utf-8
> Content-Length: size($FUTURE_ERROR_MESSAGE)
> $FUTURE_ERROR_MESSAGE
> {noformat}
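
Added example, not part of the original JIRA message and not Mesos code: a minimal C++ sketch of the behaviour proposed in the comment above, where every authorized endpoint maps a failed authorization to the same empty 503 and the failure detail goes only to the operator log. The types, the function name authorizedResponse, the 403 for a denial and the sample error text are assumptions made for the example.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Simplified stand-ins for an authorizer outcome and an HTTP response;
// assumptions of this example, not Mesos classes.
enum class Outcome { ALLOWED, DENIED, FAILED };
struct AuthzResult { Outcome outcome; std::string error; };
struct Response { int status; std::string body; };

// Operator-side log; a real server would use its logging framework.
static std::vector<std::string> operatorLog;

// One mapping shared by all authorized endpoints, so an internal authorizer
// failure produces the same status and body no matter which one is hit.
Response authorizedResponse(
    const std::string& endpoint,
    const AuthzResult& result,
    const std::string& payload)
{
  switch (result.outcome) {
    case Outcome::ALLOWED:
      return Response{200, payload};
    case Outcome::DENIED:
      // Status for a denial is an assumption; the issue only covers failures.
      return Response{403, ""};
    case Outcome::FAILED:
      // The failure reason is logged for operators and never sent to the client.
      operatorLog.push_back(
          "Authorization of '" + endpoint + "' failed: " + result.error);
      return Response{503, ""};
  }
  return Response{503, ""};  // Not reached; keeps compilers quiet.
}

int main()
{
  // Constructed failure message standing in for $FUTURE_ERROR_MESSAGE.
  const AuthzResult failed{Outcome::FAILED, "constructed: authorizer timed out"};
  for (const char* endpoint : {"/flags", "/state"}) {
    Response r = authorizedResponse(endpoint, failed, "{}");
    std::cout << endpoint << " -> " << r.status << ", "
              << r.body.size() << " body bytes\n";
  }
  std::cout << operatorLog.size() << " entries in operator log\n";
  return 0;
}
```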