New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
A New HTTP Status Code for Legally-restricted Resources
Possibly we'll see 451's instead of 404's soon ;-)
This document specifies an additional Hypertext Transfer Protocol (HTTP) status code for use when resource access is denied for legal reasons.
https://datatracker.ietf.org/doc/draft-tbray-http-legally-restricted-status/?include_text=1
Comments
I'd prefer to see:
I fear we'll see 451's instead of pretty much everything now
I prefer Error 9001: Insufficient ponies.
But seriously, it's a sad state of affairs when this is even being considered.
TBH, I quite appreciate this. Because otherwise you get a 200 and still cannot see anything. This way I can automatically (FF-extension or whatever) sort sites out.
I'm with @nabo on this, I sure sucks that a medium that should be open is restricted and cannibalized like that - but at least users will know that they're ISP is blocking them.
My proposal is :
451 - Your ISP suxx
This is ridiculously stupid, and the person who wrote it clearly has no understanding of the existing HTTP status codes.
http://tools.ietf.org/html/rfc2616#section-10.4.4
The only difference between this new status code and 403 Forbidden is that 451 can be returned if the URL is invalid.
Who cares about codes? ¬_¬
We have enough already :S
No, it's not. 403 is meant to be returned if you don't have access. 451 is returned if there's a legal restriction barring everyone meeting a criteria.
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated.
If the request method was not HEAD and the server wishes to make
public why the request has not been fulfilled, it SHOULD describe the
reason for the refusal in the entity. If the server does not wish to
make this information available to the client, the status code 404
(Not Found) can be used instead.
http://tools.ietf.org/html/rfc2616#section-10.4.4
If you are legally restricted from connecting to a resource, the server never understood the request - in fact, the server you're trying to reach never even received the request! So no, using 403 is not acceptable here, unless it's the actual destination server issuing the block (for example, if a site like Youtube were to decide not to offer service to Chinese users due to legal restrictions, and the Youtube server itself returns this).
I think it's a good addition, as it gives the end user more of a accurate reasoning for the content not being there, and it gives the copyright trolls somethings to pat themselves on the back for...everyone wins.
If there's a legal restriction barring people meeting a particular criteria, they don't have access. In fact, you could even say that they're... Forbidden. 403 is a general "you're not allowed to access this resource for some reason" and should contain the reason in the response. If that reason is "We legally can't let you access this", that's what the Reason-Phrase should say.
This brings up an interesting point. All of the HTTP status codes seem to assume that the server issuing the response is the server that you sent your request to. Perhaps instead of making it a 4xx level response, it should be a new, different class, (6xx maybe?) indicating that your request was redirected/intercepted before reaching the server you sent it to.
So? There are other codes like this, too, where one is just a more specific case of another.
That sounds like the best way to go.
There are also plenty of cases of proxy servers responding with a status code in place of the original. 502, 504, 511. Additionally this 451 could be used for things like megaupload where it's being pointed to a 3rd-party server, instead of being intercepted by one in the middle.
You misquoted
Anyhow, the difference between 'plenty of cases where proxy servers respond' and this situation, is that those proxy servers typically act on behalf of the destination (for example, as a load balancer). This status code would be for a situation where the intercepting server does not act on behalf of the destination - for example, an ISP server blocking access to TPB. It would make perfect sense to have a range for errors originating from servers that are not acting on behalf of the destination. You could for example have 600 for an internal proxy error (for example, if you're on a mobile connection with an ISP proxy inbetween), 601 for an unreachable destination (again, same scenario), or 610 for a request that has been blocked for legal reasons (the TPB example). I'm obviously just throwing out some numbers here, but it's to give a general idea.
I misquoted? I selected your text and hit "quote".
Wrong. 511, I think it was. The captive gateway one.
You selected Nick's text, which Joe was quoting :P
Quite bad for net neutrality.
This is being submitted by Google and I suspect this is for cases where they would show a page, but the Great Firewall of China (or similar) blocks it. Similar to how they now report if the government is interfering with your search results. This would make it more obvious by making it part of the protocol.
Anyway, it's a Google idea, so don't worry - they'll get 80% of the way through the RFC process and then abandon it.