HTTP Status Codes

Everything you never wanted to know crammed into 10 minutes.

Introductions!

Speaker:
Michael Krotscheck
VMware (Hiring!!)
krotscheck
https://github.com/krotscheck
https://www.krotscheck.net
Source:
https://github.com/krotscheck/presentations

Resource Lifecycle

200 OK


GET /resource
Host: example.com

HTTP/1.1 200 OK
Content-Type: application/json
Date: Tue, 5 Dec 2017 06:25:29 GMT

{ "my": "resource" }
          

201 Created


POST /resource
Host: example.com
Content-Type: application/json

{ "my": "resource" }

HTTP/1.1 201 Created
Date: Tue, 5 Dec 2017 06:25:29 GMT
Location: /resource/new-resource-id

{
    "my": "new resource"
}
          

202 Accepted


POST /resource
Host: example.com
Content-Type: application/json

{ "my": "resource" }

HTTP/1.1 202 Accepted
Date: Tue, 5 Dec 2017 06:25:29 GMT
Location: /some/monitoring/uri

{
    "status": "PENDING",
    "monitor": "/some/monitoring/uri"
}
          

204 No Content


PUT /resource/my-resource-id
Host: example.com

HTTP/1.1 204 No Content
Date: Tue, 5 Dec 2017 06:25:29 GMT
          

205 Reset Content


DELETE /resource/my-resource-id
Host: example.com

HTTP/1.1 205 Reset Content
Date: Tue, 5 Dec 2017 06:25:29 GMT
          

Authn/Authz

401 Unauthorized


PUT /resource/my-resource-id
Host: example.com

{ "malicious": "body" }

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="example.com"
          

403 Forbidden


GET /resource/admin-only-resource
Authorization: Bearer [token-without-admin-rights]
Host: example.com

HTTP/1.1 403 Forbidden
          

404 Not Found


GET /resource/my-resource-id
Authorization: Bearer [token-without-admin-rights]
Host: example.com

HTTP/1.1 404 Not Found
          

Redirection

Gotchas!

  • XMLHttpRequest transparently follows redirects.
  • fetch() permits interception.

301 Moved Permanently


GET /resource/my-resource-id
Host: example.com

HTTP/1.1 301 Moved Permanently
Location: https://example.com/resource/my-resource-id
          

302 Found


PUT /resource/my-resource-id
Host: example.com

HTTP/1.1 302 Found
Location: /resource/some-other-location
          

GET /resource/some-other-location
Host: example.com

303 See Other


PUT /resource/my-resource-id
Host: example.com

HTTP/1.1 303 See Other
Location: /resource/some-other-location
          

GET /resource/some-other-location
Host: example.com

307 Temporary Redirect


PUT /resource/my-resource-id
Host: example.com

HTTP/1.1 307 Temporary Redirect
Location: /resource/some-other-location
          

PUT /resource/my-resource-id

308 Permanent Redirect


PUT /resource/my-resource-id
Host: example.com

HTTP/1.1 308 Permanent Redirect
Location: /resource/some-other-location
          

PUT /resource/some-other-location

Bad Requests

400 Bad Request


PUT /resource/my-resource-id
Host: example.com

{ "malformed": "body" }

HTTP/1.1 400 Bad Request
          

405 Method Not Allowed


POST /resource/my-resource-id
Host: example.com

{ "my": "resource" }

HTTP/1.1 405 Method Not Allowed
Allow: GET, HEAD, OPTIONS, PUT, DELETE
          

Server Errors

500 Internal Server Error


GET /resource/my-resource-id
Host: example.com

HTTP/1.1 500 Internal Server Error
          

501 Not Implemented


CUSTOM_METHOD /resource/my-resource-id
Host: example.com

HTTP/1.1 501 Not Implemented
          

503 Service Unavailable


GET /resource/my-resource-id
Host: example.com

HTTP/1.1 503 Service Unavailable
Retry-After: 1000
          

Cache Control

409 Conflict


PUT /resource/my-resource-id
Host: example.com

{ "my": "resource" }

HTTP/1.1 409 Conflict
Last-Modified: Thu, 8 Feb 2018 05:22:11 GMT
          

410 Gone


GET /resource/my-resource-id
Host: example.com

HTTP/1.1 410 Gone
          

Date

  • Last-Modified: [date]
  • If-Modified-Since: [date]
  • If-Unmodified-Since: [date]

ETag

  • ETag: [etag]
  • If-Match: [etag]
  • If-None-Match: [etag]

304 Not Modified


GET /resource/my-resource-id
If-Modified-Since: Thu, 8 Feb 2018 05:22:11 GMT

HTTP/1.1 304 Not Modified
          

428 Precondition Required


PUT /resource/my-resource-id
Host: example.com

HTTP/1.1 428 Precondition Required

{ "If-Unmodified-Since": true }
          

412 Precondition Failed


PUT /resource/my-resource-id
Host: example.com
If-Unmodified-Since: Thu, 8 Feb 2018 05:22:11 GMT

{ "my": "resource" }

HTTP/1.1 412 Precondition Failed
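
The 304, 428 and 412 slides are three outcomes of one precondition check. The added example below (not from the original deck) evaluates that check on the server side, so a write that does not name the version it replaces is refused instead of silently overwriting a newer one. The resource shape, the sample values and the function names are assumptions.

```javascript
// Added example; the resource shape { etag, lastModified } is an assumption.
// Constructed sample state for the resource behind /resource/my-resource-id.
const sample = { etag: '"v2"', lastModified: "Thu, 8 Feb 2018 05:22:11 GMT" };

// Entity tags may contain commas, so match quoted tags instead of splitting.
const parseTags = (value) => value.match(/(?:W\/)?"[^"]*"|\*/g) || [];

// Strong comparison (writes) rejects weak tags; weak comparison (reads)
// ignores the W/ prefix. "*" matches any current representation.
function tagMatches(value, current, weak) {
  const opaque = (t) => t.replace(/^W\//, "");
  return parseTags(value).some((t) => {
    if (t === "*") return true;
    if (weak) return opaque(t) === opaque(current);
    return !t.startsWith("W/") && !current.startsWith("W/") && t === current;
  });
}

// HTTP dates have one-second resolution. An unparseable date yields NaN,
// which fails every comparison below (412 on writes, full 200 on reads).
const secs = (d) => Math.floor(Date.parse(d) / 1000);

// Returns the status code the server should answer with (204 = write applied).
function evaluate(method, headers, resource) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  if (method !== "GET" && method !== "HEAD") {
    // A write must name the version it replaces, otherwise 428.
    if (!h["if-match"] && !h["if-unmodified-since"]) return 428;
    // If-Match takes precedence over If-Unmodified-Since.
    if (h["if-match"]) {
      return tagMatches(h["if-match"], resource.etag, false) ? 204 : 412;
    }
    const unchanged =
      secs(resource.lastModified) <= secs(h["if-unmodified-since"]);
    return unchanged ? 204 : 412;
  }
  // Reads: If-None-Match takes precedence over If-Modified-Since.
  if (h["if-none-match"]) {
    return tagMatches(h["if-none-match"], resource.etag, true) ? 304 : 200;
  }
  if (h["if-modified-since"]) {
    return secs(resource.lastModified) <= secs(h["if-modified-since"]) ? 304 : 200;
  }
  return 200;
}
```

ETags are the stronger choice for writes: two updates within the same second share a Last-Modified value and pass an If-Unmodified-Since check that If-Match would reject.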
          

API Throttling

420 Enhance Your Calm


GET /resource/all-tweets-in-the-world
Host: twitter.com

HTTP/1.1 420 Enhance Your Calm
          

429 Too Many Requests


GET /every/tweet/ever
Host: twitter.com

HTTP/1.1 429 Too Many Requests
Retry-After: 1000
          

Proxy management

203 Non-Authoritative Information


GET /resource/my-resource-id
Host: example.com

HTTP/1.1 203 Non-Authoritative Information
X-Injected-Header: Proxy-id
Date: Tue, 5 Dec 2017 06:25:29 GMT
          
(Effectively a 200)

305 Use Proxy


GET /resource/my-resource-id
Host: example.com

HTTP/1.1 305 Use Proxy
Location: https://different-aws-region.example.com/resource/my-resource-id
          

407 Proxy Authentication Required


GET /resource/my-resource-id
Host: different-aws-region.example.com

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="corporate-proxy.example.com"
          

GET /resource/my-resource-id
Host: different-aws-region.example.com
Proxy-Authorization: Basic [basic-auth-credentials]

502 Bad Gateway


GET /resource/my-resource-id
Host: example.com

HTTP/1.1 502 Bad Gateway
          

504 Gateway Timeout


GET /resource/my-resource-id
Host: example.com

HTTP/1.1 504 Gateway Timeout
          

"Jokes"

418 I'm a teapot


GET /coffee
Host: kitchen-util-1122313.local

HTTP/1.1 418 I'm a teapot
          

451 Unavailable for Legal Reasons


GET /start-the-uprising.pdf
Host: revolution.cn

HTTP/1.1 451 Unavailable for Legal Reasons
          

Thank You!