Details
Bug
Status: Open
Trivial
Resolution: Unresolved
0.26.0
Description
According to the HTTP Specification in RFC-2616 Section 10.4.4:
If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.
The definition of SHOULD in RFC-2119 states:
This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.
That means that each instance of returning http::Forbidden needs to either add a message in the body or return 404 instead. If neither of these applies, it would be good to at least add a comment on why no body was added to the reply.
The places in need of an update are:
src/master/http.cpp
789: return Forbidden();
880: return Forbidden();
1209: return Forbidden();
1854: return Forbidden();
2482: return Forbidden();

src/master/quota_handler.cpp
344: return Forbidden();
453: return Forbidden();
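
A source check for the rule described above, as an added example that is not code from the project: it reports each `return Forbidden();` that has no entity body, unless a comment on the same line or the line directly above explains the omission. The C++ sample is constructed, and the `Forbidden("...")` form with a string argument is an assumption about how a body would be supplied.

```python
import re

# A 403 returned with an empty argument list, optionally namespace-qualified
# (e.g. http::Forbidden()). Forbidden("reason") does not match.
BARE_FORBIDDEN = re.compile(r"\breturn\s+(?:\w+::)*Forbidden\s*\(\s*\)\s*;")
COMMENT_LINE = re.compile(r"^\s*(//|/\*|\*)")

# Constructed sample, not taken from the project sources.
SAMPLE = '''\
Future<Response> handler(const Request& request)
{
  if (!authenticated(request)) {
    return Forbidden();
  }
  if (!visible(request)) {
    // No body: the caller must not learn why the request was refused.
    return Forbidden();
  }
  if (!permitted(request)) {
    return Forbidden("Not authorized to update quota");
  }
  if (readOnly(request)) {
    return http::Forbidden();  // body intentionally empty
  }
  return process::http::Forbidden();
}
'''


def find_bare_forbidden(source):
    """Return (line_number, statement) for every bodyless Forbidden() return
    that carries no explanatory comment on its own line or the line above."""
    findings = []
    lines = source.splitlines()
    for index, line in enumerate(lines):
        # Split off a trailing // comment so commented-out code is ignored.
        code, _, trailing = line.partition("//")
        if not BARE_FORBIDDEN.search(code):
            continue
        if trailing.strip():
            continue  # justified by a comment on the same line
        if index > 0 and COMMENT_LINE.match(lines[index - 1]):
            continue  # justified by a comment directly above
        findings.append((index + 1, code.strip()))
    return findings


if __name__ == "__main__":
    for number, statement in find_bare_forbidden(SAMPLE):
        print(f"{number}: {statement}")
```

The check cannot tell whether a 404 was chosen deliberately in place of a 403, so that option from the description still needs review by hand.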