Hi all,
In the pull request about the introduction of the 405 status code in the
routing, there was a discussion about when we need to use exceptions to
generate some responses and when we need to subclass the Response class.
Some basic background first:
* Responses are generated by the developer (mostly in controllers) or
directly generated by the framework.
* We mostly need to deal with 3 types of status codes: 2xx (OK), 3xx
(redirection), 4xx/5xx (errors).
Exceptions should only be used for 4xx and 5xx status codes and
sub-classes for 2xx and 3xx status codes.
Response sub-classes are only useful when the Responses are created by
the developer and only if the status code has special rules (like the
Location header for a redirection).
What do we have today?
* Response (default to "200 OK", but can be used to create any Response).
* RedirectResponse (only for "301 Moved Permanently", "302 Found", "303
See Other", and "307 Temporary Redirect").
* HttpKernel/MethodNotAllowedHttpException for "405 Method Not Allowed"
* HttpKernel/NotFoundHttpException for "404 Not Found"
* HttpKernel/AccessDeniedHttpException for "403 Forbidden" (need PR 369
to be merged -- https://github.com/symfony/symfony/pull/369)
* HttpExceptions and Exceptions are caught by the exception listener and
converted to Response instances.
What do we need?
* For 2xx status codes, I think we don't need to create new sub-classes
(most useful ones are "201 Created", "202 Accepted", and "204 No Content").
* In the 3xx range, the only interesting status code left is "304 Not
Modified" which is always managed by the framework itself, and so does
not need a sub-class (it is already managed by the main Response class
via isNotModified() or setNotModified() methods).
* For all other 4xx and 5xx codes, I don't see a need to create specific
exceptions (the basic HttpException will do). Here is a list of the most
useful codes:
400 Bad Request
406 Not Acceptable
409 Conflict
410 Gone
412 Precondition Failed
413 Request Entity Too Large
414 Request-URI Too Long
415 Unsupported Media Type
500 Internal Server Error
501 Not Implemented
503 Service Unavailable
The only inconsistency is when the developer returns a Response with an
error status code (4xx/5xx). Right now, they are handled differently
than HTTP exceptions (not managed by the exception listener). I have a
fix in PR 370 for that (https://github.com/symfony/symfony/pull/370).
To sum up, after the merge of the two PRs I've talked about, I think our
management of HTTP status codes will be rock solid.
Thought?
Fabien
--
Fabien Potencier
Sensio CEO - Symfony lead developer
sensiolabs.com | symfony.com | fabien.potencier.org
Tél: +33 1 40 99 80 80
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
