Return 403 for diga test code requests when DISABLE_TESTCODES=true

Question

Return 403 for diga test code requests when DISABLE_TESTCODES=true

Closed this issue 3 years ago · 2 comments

Currently the response for a diga test code when DISABLE_TESTCODES=true is:

{
    "timestamp": "2021-08-23T07:15:50.545+00:00",
    "status": 400,
    "error": "Bad Request",
    "message": "Testcodes are not allowed",
    "path": "/validate/77AAAAAAAAAAAGIS"
}

It could make sense to use return 403 Forbidden to denote this. It fits the semantics of the status code:

The HTTP 403 Forbidden client error status response code indicates that the server understood the request but refuses to authorize it.

And it is clear(er) that the error is different from the normal code validation error.

The proposed response would instead be:

{
    "timestamp": "2021-08-23T10:14:44.185+00:00",
    "status": 403,
    "error": "Forbidden",
    "message": "Testcodes are not allowed",
    "path": "/validate/77AAAAAAAAAAAGIS"
}

Answer 1 · 2021-08-23T15:20:10.000Z

That makes sense absolutely sense

Answer 2 · 2021-08-24T08:43:00.000Z

Version 1.0.2 released