Some of the custom statuses already have well-defined meanings in HTTP
Problem
For more meaningful errors, we use the reitit.ring.middleware.exception/create-exception-middleware that catches all the errors thrown and, using the value of their :type, assigns a custom status and message to the caught error like so:
(require '[reitit.ring.middleware.exception :as exception])

;; Builds the EDN error response for a caught exception.
(defn handler [status message exception request]
  {:status  status
   :headers {"content-type" "application/edn"}
   :body    {:message message
             :data    (ex-data exception)
             :uri     (:uri request)}})

(def exception-middleware
  "When an ex-data :type is matched, create a handler with custom status and error message."
  (exception/create-exception-middleware
   {:pattern/schema           (partial handler 407 "Invalid pattern provided")
    :user/login               (partial handler 408 "Cannot login because user does not exist")
    :user/delete              (partial handler 409 "Cannot delete because user does not exist")
    :user.admin/not-found     (partial handler 414 "User does not exist")
    :user.admin/already-admin (partial handler 415 "User is already admin")
    :api.google/fetch-user    (partial handler 412 "Could not fetch google user info")
    :authorization            (partial handler 413 "User does not have the required permission.")
    ::exception/default       (partial handler 500 "Default")}))
This works well overall, but sometimes additional unwanted information is provided or sometimes the body is totally replaced.
That is the case for the :pattern/schema. Instead of returning the expected body with status 407 and the malli error, I am getting in the browser net::ERR_UNEXPECTED_PROXY_AUTH.
This is actually due to the fact that some statuses are already well-defined in HTTP specifications and have default behaviour.
Suggestion
Here is a list of 4xx statuses to avoid using for custom purposes:
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Payload Too Large
414 URI Too Long
415 Unsupported Media Type
416 Range Not Satisfiable
417 Expectation Failed
418 I'm a teapot
421 Misdirected Request
422 Unprocessable Entity
423 Locked
424 Failed Dependency
425 Too Early
426 Upgrade Required
428 Precondition Required
429 Too Many Requests
431 Request Header Fields Too Large
451 Unavailable For Legal Reasons
So, we need to replace these statuses in the middleware with others to prevent unexpected behaviour.
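A check that reports such collisions before the middleware is built, as an added example that is not code from the issue or the project. The names reserved-4xx, custom-statuses, status-problems, assert-usable-statuses! and unlisted-4xx are hypothetical, and custom-statuses restates the :type/status pairs from the middleware above as data.

```clojure
;; 4xx codes from the list above: each already has a meaning defined by HTTP.
(def reserved-4xx
  #{400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417
    418 421 422 423 424 425 426 428 429 431 451})

;; The :type -> status pairs used by the middleware above, restated as data.
(def custom-statuses
  {:pattern/schema           407
   :user/login               408
   :user/delete              409
   :user.admin/not-found     414
   :user.admin/already-admin 415
   :api.google/fetch-user    412
   :authorization            413})

(defn status-problems
  "Returns a sorted map of ex-data :type -> problem for every unusable status:
  :not-4xx when the status is not an integer in 400-499,
  :reserved when it appears in reserved-4xx."
  [type->status]
  (into (sorted-map)
        (keep (fn [[err-type status]]
                (cond
                  (not (and (integer? status) (<= 400 status 499))) [err-type :not-4xx]
                  (contains? reserved-4xx status)                    [err-type :reserved])))
        type->status))

(defn assert-usable-statuses!
  "Throws with the offending entries in ex-data if any custom status is
  unusable; otherwise returns the map unchanged so it can be threaded on."
  [type->status]
  (let [problems (status-problems type->status)]
    (when (seq problems)
      (throw (ex-info "Unusable custom HTTP statuses" {:problems problems})))
    type->status))

(defn unlisted-4xx
  "4xx codes absent from reserved-4xx. This is only the complement of the list
  above, not a lookup in any registry."
  []
  (remove reserved-4xx (range 400 500)))

(comment
  ;; Reports all seven entries of the current map as :reserved.
  (status-problems custom-statuses)
  ;; Throws until every status has been moved off the reserved list.
  (assert-usable-statuses! custom-statuses))
```

Calling assert-usable-statuses! in a unit test or at namespace load makes the collision fail the build instead of surfacing as a browser error. A client that does not recognise a 4xx code treats it as a generic 400, so the :message in the body remains the reliable place for the specific error.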