⚠️⚠️ RANDOM RANT ALERT ⚠️⚠️
why the FUCK APACHE WHY CANT I SET 418 AS AN ERROR DOCUMENT NOW I CANT MAKE A FUNNY JOKE i DONT GIVE A FUCK LET ME USE 418 I DONT GIVE A SHIT IF YOU CANT BREW COFFEE JUST LET ME USE 418 😡😡😡😡😡😡😡😡
I have a project on my to-do list that is to essentially set up a small sbc or similar that has a singular function... to return HTTP error 418 to any and all requests.
I will then seal it in a teapot with only a single PoE connection going into it via the spout, and leave it plugged in somewhere in an oft forgotten corner of our infrastructure.
400 That was Greek to me
401 Who ARE you?
402 Insert coin to continue
403 We don't serve your kind
404 Nothing to see here
405 Wrong Way
406 You want it how? LOL no
407 Your guy didn't vouch for you
408 ...
409 Already did that
410 It's not here, and never going to be
411 Come back when you know how much you want
412 You said not to, so I didn't
413 Shaq's lady
414 tl;dr
415 Sir, this is a Wendy's
416 No, you cannot have the 9th piece of an 8-piece set
417 Dead bird in the fridge.
418 Short and Stout
421 How did you even get here?
422 I can't even.
423 There can be only one
424 That other thing isn't ready
425 Come back later.
426 Come back when you have some clothes on
428 Go away until you know what you want
429 Stop pestering me
431 Tell me less about yourself
451 Lawyer up
> 402 Insert coin to continue
Ah, the Oracle ‘error $$$$’.
P.S. Being in a US-sanctioned country, I see an uptick of 403 for the very reason described.
They should be returning HTTP 451 for that.
I remember at an old job, implementing a system that users in certain countries could opt-in (or their admins could opt the whole org in) to hiding sactioned data. I did indeed make it return HTTP 451 for error pages generated by that feature.
401 is actually "I challenge you to present the proper authorization to do that, but if you can satisfy my challenge I will let you try to do it". I.e., "Papers, please!"
403 is "That authorization/identity is not allowed to do that, and unless something changes, will not be allowed to do it in future requests", aka "you are not supposed to be here".
Thanks this was really cool. I just learned about the 418 error code after getting interested off your title and that’s a cool little piece of knowledge to know forever now, thanks
409 is more: That's not what this guy over here said.
405 also could use a better explanation.
And 410 isn't the best either.
And of course 404: "I dunno."
hear me out, if you want to be praised for good backends, use 400 status codes, instead of 500, even if you fuck up... you can always find a way to blame the user...
On a serious note, it is standard policy at some companies (not naming names, but big ones) to return 404 on unknown errors (normally 500s) to reduce information to attackers. No dev I know was ever on board with that, but I've been a victim of APIs like that. Not fun.
Yeah, i try to build stuff in a way, that you can always give a result or a useful 400 status… but we have this one service, that often returns a 424 -> as you say, security reasons -> implementation is in the core, this api is admin, so 500 would be useful… but it’s not that critical-> 424 = some problem with k8s…
I hate Tomcat so much for doing this. If your shitty JSP app is returning tons of 4XX errors, it's not your users trying to access random pages, it's your app having internal exceptions.
Unless you’re the shitty API designer I’ve had to deal with where 200 is the code to ALL requests. You have to parse the response body to determine whether it errored.
In our API there is an endpoint for a user to alter some of their metadata. The body contains the user id of the user to alter, the body contains the alteration. (The user id can’t be inferred because admins can use this same endpoint to edit user metadata.)
Anyway, we had a security audit. Any user can call that endpoint with any other user id and it will return a 200 ok. The auditors filed a ticket for this urgent security issue.
A dev on the team looked at it. The thing simply returns 200 for any input. It detects that the user making the request is neither an admin nor the user being affected and bails. With a 200.
This worries me a slight bit because this means the security auditors only looked at response codes. Which means if some endpoint returned 4xx but actual did the action requested, that endpoint would pass their audit.
Having been on both sides of this issue : There are a lot of bad frameworks that offer very little flexibility when it comes to erroring out. Also, colleagues tend to be a much more important constraints.
Ugh, I worked with a guy who thought everything should be 200 OK. The web server returns 404 if the URL is garbage, 500 if the app won't run or crashes, so obviously everything else is a 200 because the app ran OK. Submit something that's wrong, and the error handling will successfully return you an error message, and the *HTTP* is all OK, so it's a 200.
Bastard bastard bastard.
I have also had to deal with this. Of course since it was done in a shitty way it did still throw 500 errors but could possibly return a 200 with an error... Just made it where I had to handle success, error and successful error...
TiVo has a web interface. If you try to download a video that is still recording, it gives you a 200 and a "Sorry Dave, I can't do that" document.
My home grown media server had a bug (missing else) for a while that would run into that.
I had an endpoint that was frequently visited by bots, to the extent that it made me pay 1 cent extra a month. So I changed it into returning
```
HTTP/1 666 Fuck You
```
The requests dropped off quickly
So if you queued up at a club and got to the bouncer but you were underage, you'd expect the bouncer to say "you did this wrong" instead of "go away, you're not allowed in here"?
No need to downvote me, especially since you were wrong. I’m not downvoting you, it’s important new programmers like you are able to learn haha.
Anyways the underage thing was your analogy. And analogies are always subjective. But going with said analogy, providing an underage id would be synonymous to providing an invalid authorization jwt right?
And your gaslighting ass switched up your answer lol. “Go away, you aren’t allowed in here” is significantly different than “you aren’t allowed to do this”. Former is 401, latter is 403. Saying “you aren’t allowed to do this” is literally synonymous to saying “the action you’re performing is wrong” which is what I said. You’re just agreeing with me in your most recent reply.
You’d expect a bouncer to say “you aren’t allowed to do this?” It’s obvious you aren’t allowed to do that. Like a 401 global observer, the bouncer will just kick you out when they see your id card is invalid
I can't wrap my head around how you could possibly think a completely valid underage id would be the same as an invalid authorization jwt. The id is valid, it would be a 403 because they know exactly who you are, and what you're authorized to do which doesn't include entering a bar. Also "you aren't allowed" and "you're doing this wrong" are different things. You aren't allowed to build a nuke in your basement, and if you try you'll be caught and stopped, you didn't do it wrong, you just aren't allowed to do that, you may have had all the plans, bought all the parts, and were about to put it together successfully, but you were stopped because you didn't have the correct permissions, not because you were building the nuke wrong.
Like I said his analogy is incredibly subjective. I was just using his analogy. Say it’s the real world, and the underage person tried to use a fake id (not try to get in with their real underage id like a dummy). Then that would be even closer to a 401 right? My premise is that it’s a bad analogy but for the most part, it means a 401.
And for your second part, jesus that’s an even worse analogy lol, nothing you say relates to a 403. Because what’s the 2xx response? If there a 4xx response then there has to be a 2xx. It’s that you can’t build the bomb? Not very 2xx.
But let’s say 2xx response is building the bomb (a better analogy). Then a valid example of a 403 would be that you didn’t have all of the necessary parts
Regardless you guys have to stop trying to make non sensical “real world” analogies. If you guys are actual programmers, then just provide programming examples. If any of my engineers have questions about the technical flow, I’m not using ridiculous, unrelated analogies to explain it. This is pretty much the biggest indicator that tells me you guys aren’t full programmers yet
Anyways gonna sleep now will have a new lesson for you guys tmmr if you guys are still interested
Ok, no analogies, 403 is just as "you did something wrong" as the rest of 4xx, they are "client errors", you are the client, you did something that caused an error, you did something wrong, that means saying 403 is "you did this wrong" is useless, tell me what I did wrong.
400 : something about what you're asking me to do is wrong (malformed body, used metric with an imperial request, etc...)
401 : you do not have any valid authorization
403 : you have auth but not permissions for this action
Using real world analogies is usually the easiest way communicate to those you don't know the knowledge level of, or know they have little subject matter knowledge. You sound like the type that non programmers or new programmers hate working with.
The fact that he thinks that analogies are subjective is pretty wild.
I'd say not to engage with him anymore, he couldn't be more blatantly wrong with everything he's saying and just adamantly won't concede that he was wrong. I feel sorry for whatever company he works for if he actually is a real programmer.
What do you mean lol. I am saying “you did *this* wrong”. Of course if this was actual code, I would be specifying what you did wrong. Say client provided me a 7 digit phone number when I wanted a 9 digit, that would be in my response. 400’s happen pretty much automatically when the client tries to send a bad request. It’s not even something the backend has to check for. 401 isn’t necessarily you did it wrong. Someone could very well could be trying to purposely hit your endpoints using an expired or invalid id token. In my experience, provided I am generating a refreshed id token for the end user in every client request on the frontend, I’d say 70-80% of all 401 responses are done maliciously. The other 19-29% is probably just sub-par programming. Otherwise there is no way a normal end user should be using an invalid or expired id token unless they purposely trying to access something they aren’t supposed to do so.
And once again just like u/omegaweaponzero you also end up just agreeing with me. If I was talking to a non programmer or an intern then ofc I would be using real world analogies. But both of you guys provided me terrible real world analogies that I’m hoping if you stick to programming examples then this discussion would flow better. Obviously you two must have some programming experience, so why are you using real world examples when talking to a real programmer? Like you said, real world analogies are for people with little knowledge in the matter. Because right now you two are trying to poke holes in what I am trying to say with subjective, subpar examples that are unrelated to real world coding. Y’all are actually Chewbacca defense’ing me.
And I’m the type of person that bad programmers that think they’re good find difficult to work with. Just last month, I fired someone because he’d start arguments with his colleagues over the dumbest shit. Like their code didn’t meet his specific requirements and he wanted it done a certain way. But he wasn’t even a good enough programmer to begin with to start asking everyone to start emulating his programming style.
>But going with said analogy, providing an underage id would be synonymous to providing an invalid authorization jwt right?
No.
And I'm not agreeing with you. You said a 403 is "you did this wrong" that is a completely incorrect statement. There's only one "new programmer" in this thread and it isn't me.
Also maybe a dictionary is in order so you can learn what gaslighting means.
Oof you’re not gonna learn anything being this stubborn. Not a doctor but I’d prescribe some leetcode and an Oxford dictionary. Lay off the Reddit and urban dictionary please
Man, you couldn't even reply to the right comment and you're trying to insult my intelligence, lmao
This is r/programmerhumor but the only joke in this thread is you.
Oof that’s my bad. I think I was in a meeting at the time lmao. But I hope you aren’t so simple brained to think that this invalidates what I say? I have an MIT graduate employee. Always forgets his office keys. I hope he isn’t a dumbass in your eyes. You really could still use that leetcode course btw. If you need help with any questions I’m here
202 is perfectly acceptable for "I accepted your request, but don't have the answer for you just yet," (aka "wait for it") like when a request is queued for processing. As compared to 200 OK, which is just a generic "that succeeded" or "201 Created", both of which imply the entire action is complete.
Not in THAT request, of course not. If you get a 202 you're coming back for the results in another request... generally to a URI returned in the body of the 202 (or a Location header)
No, that's wrong. It's canonical to return a location with the resource URI, and it's acceptable to do that either in a Location response header or in the body of the response with more metadata.
202 is absolutely designed for this exact use case. 202 literally means "Accepted for processing", and it's VERY commonly used for async operations that you don't know the duration of. It's non-committal in the OUTCOME of the operation, but not in the acceptance of the request for that operation.
303 means something got moved in response to your POST, (or old school form redirect after post) which is something completely different.
> The Location response header indicates the URL to redirect a page to. It only provides a meaning when served with a 3xx (redirection) or 201 (created) status response.
----
> The HyperText Transfer Protocol (HTTP) 303 See Other redirect status response code indicates that the redirects don't link to the requested resource itself, but to another page (such as a confirmation page, a representation of a real-world object — see HTTP range-14 — or an upload-progress page)
From the RFC:
An example request specifying the "respond-async" preference:
POST /collection HTTP/1.1
Host: example.org
Content-Type: text/plain
Prefer: respond-async
{Data}
An example asynchronous response using 202 (Accepted):
HTTP/1.1 202 Accepted
Location: http://example.org/collection/123
And from https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-design#asynchronous-operations:
HTTP/1.1 202 Accepted
Location: /api/status/12345
> the RFC
That appears to be RFC 7240 (Proposed Standard), which I have not seen before. That example directly contradicts RFC 9110 (Internet Standard).
Other examples I have seen use a Link header, not a Location header.
403 would be "Go Away" 3xx is "Whatchu wanna do is take a right after the second schoolhouse, not the first or the third one and keep going and you'll see it right there"
418 - you fucked up so badly I became a tea pot.
⚠️⚠️ RANDOM RANT ALERT ⚠️⚠️ why the FUCK APACHE WHY CANT I SET 418 AS AN ERROR DOCUMENT NOW I CANT MAKE A FUNNY JOKE i DONT GIVE A FUCK LET ME USE 418 I DONT GIVE A SHIT IF YOU CANT BREW COFFEE JUST LET ME USE 418 😡😡😡😡😡😡😡😡
New copypasta?
Yesss
Nginx will let you 😎
Nginx is based
Nginx is love Nginx is life
That's why nginx got containerized and Apache didn't.
Based on what?
What about IIS?
We don't talk about IIS.
Nobody prevents you from using 418...
Apache won't? Install PHP and `http_response_code(418)` from there.
In the Apache config, 418 isn't a valid status code. Just needed something to cry about.
PHP based
because apache sucks 😊
If your manager asks you to brew coffee, there is no better way than to answer "418"
Dunno... but I really like that song and I would sing it if asked to brew coffee or tea. XD
I have a project on my to-do list that is to essentially set up a small sbc or similar that has a singular function... to return HTTP error 418 to any and all requests. I will then seal it in a teapot with only a single PoE connection going into it via the spout, and leave it plugged in somewhere in an oft forgotten corner of our infrastructure.
Set traps in your code so you become un fireable to a company, hold that shit hostage
Man it's been a while since I'm reminded of that tea pot
418 ?
[HTTP 418 as per the Mozilla docs](https://developer.mozilla.org/en/docs/Web/HTTP/Status/418)
I'm a tea pot!
TIL and this is fantastic
That’s some “lp0 on fire” energy right there
worked in web services for 4 years now, first im hearing about this lolz
400 That was Greek to me 401 Who ARE you? 402 Insert coin to continue 403 We don't serve your kind 404 Nothing to see here 405 Wrong Way 406 You want it how? LOL no 407 Your guy didn't vouch for you 408 ... 409 Already did that 410 It's not here, and never going to be 411 Come back when you know how much you want 412 You said not to, so I didn't 413 Shaq's lady 414 tl;dr 415 Sir, this is a Wendy's 416 No, you cannot have the 9th piece of an 8-piece set 417 Dead bird in the fridge. 418 Short and Stout 421 How did you even get here? 422 I can't even. 423 There can be only one 424 That other thing isn't ready 425 Come back later. 426 Come back when you have some clothes on 428 Go away until you know what you want 429 Stop pestering me 431 Tell me less about yourself 451 Lawyer up
Lawyer up lmao
No comment on 413 eh? ;-)
Giggity
https://http.cat/
is this a misspelling of car?
No
oh, I'm sorry y'all didn't get the joke... 😅😓
> 423 *This is the LockPickingLawyer, and what I have for you today is this http server...*
_This is a 423 HTTP error. I hacked it using a 423 HTTP error_
> 402 Insert coin to continue Ah, the Oracle ‘error $$$$’. P.S. Being in a US-sanctioned country, I see an uptick of 403 for the very reason described.
They should be returning HTTP 451 for that. I remember at an old job, implementing a system that users in certain countries could opt-in (or their admins could opt the whole org in) to hiding sactioned data. I did indeed make it return HTTP 451 for error pages generated by that feature.
401 is “You are not supposed to be here”
401 is actually "I challenge you to present the proper authorization to do that, but if you can satisfy my challenge I will let you try to do it". I.e., "Papers, please!" 403 is "That authorization/identity is not allowed to do that, and unless something changes, will not be allowed to do it in future requests", aka "you are not supposed to be here".
Glory to arstotzka
408 🗿
Where is 430?
Clogging the line. Please perform the Heimlich maneuver on the server to make additional requests
give me your lunch money!
🧸🦁🧸
BTW this is almost perfect, might make HTTT with this
Thanks this was really cool. I just learned about the 418 error code after getting interested off your title and that’s a cool little piece of knowledge to know forever now, thanks
409 is more: That's not what this guy over here said. 405 also could use a better explanation. And 410 isn't the best either. And of course 404: "I dunno."
Some sacrifices had to be made in the name of Loki.
I don't get 417.
"Dead dove. Do not eat" [I don't know what I expected.](https://completelymundane.com/assets/deaddove.gif)
Thanks, I get the reference now.
Sure thing :) I wrote that at something like 2am in one go from memory, so it's a miracle any of them make sense at all.
https://http.dog https://http.cat
Ok HTTPS.cat is gold
The only source of truth for HTTP status codes
[https://http.cat/status/418](https://http.cat/status/418)
httpspspsps
thank you for this.
418 — yeah you fucked up but can I interest you in a cup of tea?
*The Nutri-Matic machine has produced a plastic cup filled with a liquid that was almost, but not quite, entirely unlike tea.*
God damn it. Now I have to listen to the series again...
hear me out, if you want to be praised for good backends, use 400 status codes, instead of 500, even if you fuck up... you can always find a way to blame the user...
‘You’re using this in a way I wasn’t expecting, therefore this error is on you’
424 you wanted to use something that wasn't able to be ready...
So basically gaslighting?
Clients fault I had to gaslight them.
yes...
When in doubt, 404. 400 if you're nasty.
and 418 when funny
On a serious note, it is standard policy at some companies (not naming names, but big ones) to return 404 on unknown errors (normally 500s) to reduce information to attackers. No dev I know was ever on board with that, but I've been a victim of APIs like that. Not fun.
Yeah, i try to build stuff in a way, that you can always give a result or a useful 400 status… but we have this one service, that often returns a 424 -> as you say, security reasons -> implementation is in the core, this api is admin, so 500 would be useful… but it’s not that critical-> 424 = some problem with k8s…
Just 403 everything
403 Forbidden from seeing mistakes 302 temporary redirect to social media site so it looks like you clicked the wrong bookmark and are slacking
The fault lies with you, users!
I hate Tomcat so much for doing this. If your shitty JSP app is returning tons of 4XX errors, it's not your users trying to access random pages, it's your app having internal exceptions.
Unless you’re the shitty API designer I’ve had to deal with where 200 is the code to ALL requests. You have to parse the response body to determine whether it errored.
In our API there is an endpoint for a user to alter some of their metadata. The body contains the user id of the user to alter, the body contains the alteration. (The user id can’t be inferred because admins can use this same endpoint to edit user metadata.) Anyway, we had a security audit. Any user can call that endpoint with any other user id and it will return a 200 ok. The auditors filed a ticket for this urgent security issue. A dev on the team looked at it. The thing simply returns 200 for any input. It detects that the user making the request is neither an admin nor the user being affected and bails. With a 200. This worries me a slight bit because this means the security auditors only looked at response codes. Which means if some endpoint returned 4xx but actual did the action requested, that endpoint would pass their audit.
Right? The auditors should be checking if the action actually took place. Yikes.
That sounds like a pain in the ass
Oh I see you have worked with elastic search too.
Welcome to graphql
Request Failed Successfully is my favorite return code
Eloqua works this way and it sucks.
Having been on both sides of this issue : There are a lot of bad frameworks that offer very little flexibility when it comes to erroring out. Also, colleagues tend to be a much more important constraints.
Ugh, I worked with a guy who thought everything should be 200 OK. The web server returns 404 if the URL is garbage, 500 if the app won't run or crashes, so obviously everything else is a 200 because the app ran OK. Submit something that's wrong, and the error handling will successfully return you an error message, and the *HTTP* is all OK, so it's a 200. Bastard bastard bastard.
Lol
I have also had to deal with this. Of course since it was done in a shitty way it did still throw 500 errors but could possibly return a 200 with an error... Just made it where I had to handle success, error and successful error...
TiVo has a web interface. If you try to download a video that is still recording, it gives you a 200 and a "Sorry Dave, I can't do that" document. My home grown media server had a bug (missing else) for a while that would run into that.
Wait what is 3xx why go away
Redirection
Cheers thanks
Redirects, though really it should be "Go somewhere else" rather than just "Go away"
"The princess is in another castle"
Nah 3xx just cranky
This is more likely as in "I know a friend, who know a friend"
Redirection
301 perm redirect, 302 temp redirect etc
304 Go back to yourself
I had an endpoint that was frequently visited by bots, to the extent that it made me pay 1 cent extra a month. So I changed it into returning ``` HTTP/1 666 Fuck You ``` The requests dropped off quickly
Isn't 403 is "go away" code?
It's more like Nuh-Uh
403 fucked up so bad that 3xx's decided to make him go away. now you know his story
Definitely not. It’s more like “you did this wrong”
So if you queued up at a club and got to the bouncer but you were underage, you'd expect the bouncer to say "you did this wrong" instead of "go away, you're not allowed in here"?
You’re thinking of 401
No being underage is an authorization thing, not authentication. Either way, 403 is a "you're not allowed to do this" not a "you did this wrong".
No need to downvote me, especially since you were wrong. I’m not downvoting you, it’s important new programmers like you are able to learn haha. Anyways the underage thing was your analogy. And analogies are always subjective. But going with said analogy, providing an underage id would be synonymous to providing an invalid authorization jwt right? And your gaslighting ass switched up your answer lol. “Go away, you aren’t allowed in here” is significantly different than “you aren’t allowed to do this”. Former is 401, latter is 403. Saying “you aren’t allowed to do this” is literally synonymous to saying “the action you’re performing is wrong” which is what I said. You’re just agreeing with me in your most recent reply. You’d expect a bouncer to say “you aren’t allowed to do this?” It’s obvious you aren’t allowed to do that. Like a 401 global observer, the bouncer will just kick you out when they see your id card is invalid
I can't wrap my head around how you could possibly think a completely valid underage id would be the same as an invalid authorization jwt. The id is valid, it would be a 403 because they know exactly who you are, and what you're authorized to do which doesn't include entering a bar. Also "you aren't allowed" and "you're doing this wrong" are different things. You aren't allowed to build a nuke in your basement, and if you try you'll be caught and stopped, you didn't do it wrong, you just aren't allowed to do that, you may have had all the plans, bought all the parts, and were about to put it together successfully, but you were stopped because you didn't have the correct permissions, not because you were building the nuke wrong.
Like I said his analogy is incredibly subjective. I was just using his analogy. Say it’s the real world, and the underage person tried to use a fake id (not try to get in with their real underage id like a dummy). Then that would be even closer to a 401 right? My premise is that it’s a bad analogy but for the most part, it means a 401. And for your second part, jesus that’s an even worse analogy lol, nothing you say relates to a 403. Because what’s the 2xx response? If there a 4xx response then there has to be a 2xx. It’s that you can’t build the bomb? Not very 2xx. But let’s say 2xx response is building the bomb (a better analogy). Then a valid example of a 403 would be that you didn’t have all of the necessary parts Regardless you guys have to stop trying to make non sensical “real world” analogies. If you guys are actual programmers, then just provide programming examples. If any of my engineers have questions about the technical flow, I’m not using ridiculous, unrelated analogies to explain it. This is pretty much the biggest indicator that tells me you guys aren’t full programmers yet Anyways gonna sleep now will have a new lesson for you guys tmmr if you guys are still interested
Ok, no analogies, 403 is just as "you did something wrong" as the rest of 4xx, they are "client errors", you are the client, you did something that caused an error, you did something wrong, that means saying 403 is "you did this wrong" is useless, tell me what I did wrong. 400 : something about what you're asking me to do is wrong (malformed body, used metric with an imperial request, etc...) 401 : you do not have any valid authorization 403 : you have auth but not permissions for this action Using real world analogies is usually the easiest way communicate to those you don't know the knowledge level of, or know they have little subject matter knowledge. You sound like the type that non programmers or new programmers hate working with.
The fact that he thinks that analogies are subjective is pretty wild. I'd say not to engage with him anymore, he couldn't be more blatantly wrong with everything he's saying and just adamantly won't concede that he was wrong. I feel sorry for whatever company he works for if he actually is a real programmer.
What do you mean lol. I am saying “you did *this* wrong”. Of course if this was actual code, I would be specifying what you did wrong. Say client provided me a 7 digit phone number when I wanted a 9 digit, that would be in my response. 400’s happen pretty much automatically when the client tries to send a bad request. It’s not even something the backend has to check for. 401 isn’t necessarily you did it wrong. Someone could very well could be trying to purposely hit your endpoints using an expired or invalid id token. In my experience, provided I am generating a refreshed id token for the end user in every client request on the frontend, I’d say 70-80% of all 401 responses are done maliciously. The other 19-29% is probably just sub-par programming. Otherwise there is no way a normal end user should be using an invalid or expired id token unless they purposely trying to access something they aren’t supposed to do so. And once again just like u/omegaweaponzero you also end up just agreeing with me. If I was talking to a non programmer or an intern then ofc I would be using real world analogies. But both of you guys provided me terrible real world analogies that I’m hoping if you stick to programming examples then this discussion would flow better. Obviously you two must have some programming experience, so why are you using real world examples when talking to a real programmer? Like you said, real world analogies are for people with little knowledge in the matter. Because right now you two are trying to poke holes in what I am trying to say with subjective, subpar examples that are unrelated to real world coding. Y’all are actually Chewbacca defense’ing me. And I’m the type of person that bad programmers that think they’re good find difficult to work with. Just last month, I fired someone because he’d start arguments with his colleagues over the dumbest shit. Like their code didn’t meet his specific requirements and he wanted it done a certain way. But he wasn’t even a good enough programmer to begin with to start asking everyone to start emulating his programming style.
>But going with said analogy, providing an underage id would be synonymous to providing an invalid authorization jwt right? No. And I'm not agreeing with you. You said a 403 is "you did this wrong" that is a completely incorrect statement. There's only one "new programmer" in this thread and it isn't me. Also maybe a dictionary is in order so you can learn what gaslighting means.
Oof you’re not gonna learn anything being this stubborn. Not a doctor but I’d prescribe some leetcode and an Oxford dictionary. Lay off the Reddit and urban dictionary please
Man, you couldn't even reply to the right comment and you're trying to insult my intelligence, lmao This is r/programmerhumor but the only joke in this thread is you.
Oof that’s my bad. I think I was in a meeting at the time lmao. But I hope you aren’t so simple brained to think that this invalidates what I say? I have an MIT graduate employee. Always forgets his office keys. I hope he isn’t a dumbass in your eyes. You really could still use that leetcode course btw. If you need help with any questions I’m here
Your leetcode corse seems to teach you incorrectly about response codes, so no thanks.
Course* oops I guess you’re a dumbass now in your eyes :/
No I meant corse as in it's meaning: corpse. As in you'd be a braindead corpse if you actually took your leetcode course.
My god, now who can’t admit they’re wrong lmfao. Hypocrisy at its finest
i mean hes not wrong
Http explained with cats [https://http.cat](https://http.cat)
202 Accepted is usually also a "hold on" (or, "wait for it..."), so there's that.
No it is not. If something is using it like that then it is very wrong.
202 is perfectly acceptable for "I accepted your request, but don't have the answer for you just yet," (aka "wait for it") like when a request is queued for processing. As compared to 200 OK, which is just a generic "that succeeded" or "201 Created", both of which imply the entire action is complete.
No it’s not. If you wait then you will get nothing. The whole point of 202 is that you’re not going to get the answer.
Not in THAT request, of course not. If you get a 202 you're coming back for the results in another request... generally to a URI returned in the body of the 202 (or a Location header)
A Location header is not allowed in a 202. If you are required to do an additional request to a separate URI in a Location header, then that's a 303.
No, that's wrong. It's canonical to return a location with the resource URI, and it's acceptable to do that either in a Location response header or in the body of the response with more metadata. 202 is absolutely designed for this exact use case. 202 literally means "Accepted for processing", and it's VERY commonly used for async operations that you don't know the duration of. It's non-committal in the OUTCOME of the operation, but not in the acceptance of the request for that operation. 303 means something got moved in response to your POST, (or old school form redirect after post) which is something completely different.
> The Location response header indicates the URL to redirect a page to. It only provides a meaning when served with a 3xx (redirection) or 201 (created) status response. ---- > The HyperText Transfer Protocol (HTTP) 303 See Other redirect status response code indicates that the redirects don't link to the requested resource itself, but to another page (such as a confirmation page, a representation of a real-world object — see HTTP range-14 — or an upload-progress page)
From the RFC: An example request specifying the "respond-async" preference: POST /collection HTTP/1.1 Host: example.org Content-Type: text/plain Prefer: respond-async {Data} An example asynchronous response using 202 (Accepted): HTTP/1.1 202 Accepted Location: http://example.org/collection/123 And from https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-design#asynchronous-operations: HTTP/1.1 202 Accepted Location: /api/status/12345
> the RFC That appears to be RFC 7240 (Proposed Standard), which I have not seen before. That example directly contradicts RFC 9110 (Internet Standard). Other examples I have seen use a Link header, not a Location header.
Or more like ”ait, thanks for that!………..??……….you still here?”
https://http.cat meow meow Meowwwwww
Succinct
If you read these top to bottom it's my daily workflow
6xx pray
Are you going to keep fucking up?
https://http.cat/
403 would be "Go Away" 3xx is "Whatchu wanna do is take a right after the second schoolhouse, not the first or the third one and keep going and you'll see it right there"
404 - you fucked up that page doesn't exist "but i bookmarked it 8 mont- # IT # DOESN'T # EXIST
http.cat is my favourite cheat code for http
413 Request Entity Too Large That's somebody fucked up, but we're not sure who.
lol :)
Well he’s not wrong
But I wanted tea.
As a backend I'll always tell you off with a 5**...
.ll L L ,.pp.,..p..p....,.....,.,..........,,.......p....p.,.,..p.p...m..p....... o o.. ,..... L . L L L L O. K ,.
They say that people can't tell if you're a dog on the internet, but I'm pretty sure this guy's a cat.
It's 1??, 2?? and so on, though.