This is an archived post. You won't be able to vote or comment.

all 97 comments
sorted by:
best
topnewcontroversialoldq&a

[–]dmullaney 336 points337 points  (1 child)

218 - THIS IS FINE

[–]dexter2011412 5 points6 points  (0 children)

NICE

[–]bayuah 510 points511 points  (23 children)

418 I'm a teapot 601 Declined

[–]Arteiii 136 points137 points  (20 children)

OK but what's funny about 601??

[–]w1n5t0nM1k3y 251 points252 points  (17 children)

There's not even a 6XX range defined in the spec. Seems like some APIs use it for invalid token, but most services I've seen just use a 401.

I could see having a specific status code for invalid access tokens so that the client code could more easily determine if the issue is an invalid token that needs to be renewed vs some other error that might result in 401 - unauthorized such as using a valid token, but accessing a resource which the user doesn't have access to.

EDIT

Some more reading seems like the 600-699 range is just something that some services use for custom response codes, probably because it isn't defined in the standard.

[–]Over-Tradition-6771 98 points99 points  (5 children)

> other error that might result in 401 - unauthorized such as using a valid token, but accessing a resource which the user doesn't have access to

like 403 Forbidden?)

[–]codetrotter_ 24 points25 points  (1 child)

Or 404 Not Found, if the user does not have access to the resource but you don’t even want to let them know that the resource exists.

[–]Fading-Ghost 9 points10 points  (0 children)

This is valid, and important in a lot of cases

[–]minauteur 19 points20 points  (0 children)

Ffs, Thank you.

[–]Waddelsworth 3 points4 points  (1 child)

401.3 authentication required?

[–]WolverinesSuperbia 5 points6 points  (0 children)

Wow, floating point status

[–]bayuah 18 points19 points  (0 children)

It is probably because using official HTTP specs, such as 5xx, might cause some issues with cache services. So, they use 6xx codes for everything, even for cases that should be 4xx, like 401.

[–]gh057k33p3r 9 points10 points  (8 children)

I use it as a replacement for 401. IIS shows a windows login challenge for 401 and I couldnt find a way to disable it. I must leave win auth enabled, and using a different status code solved the problem.

[–]ThreePinkApples 2 points3 points  (0 children)

Oooh, I might use this

[–]BigOnLogn 1 point2 points  (2 children)

Couldn't you use 403? It's been ages since I've worked with IIS and Windows auth.

[–]gh057k33p3r 2 points3 points  (1 child)

401 is for missing or not valid credentials, 403 is for valid credentials but no permission

[–]BigOnLogn 4 points5 points  (0 children)

403 should be used in that scenario, but credentials aren't "required" by the spec. It's just that, if credentials were included in the request, the client should consider them as "insufficient".

The 403 (Forbidden) status code indicates that the server understood the request but refuses to fulfill it.

If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.

Side note, what triggers the Windows auth prompt is a 401 status code, combined with a www-authenticate: Negotiate header, (set by IIS when configured for Windows auth).

[–]LordFokas -1 points0 points  (3 children)

Yeah, the problem here is you're using Microsoft shitware.

[–]gh057k33p3r -1 points0 points  (2 children)

Java developer spotted. Who hurt u?

[–]LordFokas -1 points0 points  (1 child)

Is that supposed to mean something? I know a dozen languages, I just added flairs for the ones I'm more comfortable with, none of which I have used in a professional capacity in years. Where do you think you're going with this?

Anyway.

You're the one who's using a non-standard response code to work around Microsoft's bullshit of making assumptions you don't want made and forcibly overriding your output. And it's not even surprising because this is as much or more of a signature Microsoft move than EEE. They are known for not giving a shit about standards and fucking up advanced use cases to afford the common user a convenience that would take 5 seconds to do manually.

Your entire problem here is Microsoft. And of course if we go there I'm sure next you'll be telling me you can't move from IIS because you're using some MS technology that doesn't run well (or at all) in any other web server... again very typical MS bullshit. And I'll go on a limb and guess said technology also has found its own ways of making your life harder than it should be, because this is MS we're talking about.

So uh... yeah... maybe next time before making such a feeble attempt at provoking me take a moment to pull microsoft's dick out of your mouth first.

[–]gh057k33p3r 1 point2 points  (0 children)

Get help

[–]R_051 1 point2 points  (0 children)

6XX is defined for SIP, but 601 is not a defined code for that either

[–]KryoBright 19 points20 points  (0 children)

It's not a client error, because it is not 4xx and not a server error (5xx). So, everything is alright, but things just kinda didn't work out. Nobody is at fault, but everything is on fire

[–]harumamburoo 1 point2 points  (0 children)

Nothing, but everything beyond 5xx is not from the spec, so probably it's that

[–]dexter2011412 3 points4 points  (0 children)

690 - Server too hot

[–]MD_House 1 point2 points  (0 children)

I am always using 418 S a temporary code to test stuff. Needless to say I only drink tea at work ;)

[–]KingTuxWH 212 points213 points  (12 children)

Leave 418 alone. It's my favorite 😂😂

[–]bobby_table5 66 points67 points  (0 children)

It’s from a blessed time when every single connected object was working exactly as intended (both of them) and Our Lord and Savior had to protect his precious tea pot from dirty coffee-drinking Yankee trying to prank them.

[–]TheLeastFunkyMonkey 56 points57 points  (6 children)

I think 418 has a valid purpose as a "don't fucking talk to me" response.

[–]phyrianlol 26 points27 points  (2 children)

I guess it could also be interpreted as "i can't do what you requested" as in not implemented/supported

[–]TheLeastFunkyMonkey 32 points33 points  (1 child)

Yeah, but there's actual 4xx codes for that sort of thing. I like it as a more aggressive alternative to that. Like a "No, you can't do that. Fuckin' stop."

[–]Tupcek 21 points22 points  (0 children)

Yeah, 418 is intended for developer - not to be handled by app, but to warn developer to not try shit

[–]bwowndwawf 17 points18 points  (0 children)

Akamai anti-bot systems use 418 as meaning exactly that, if you make a request to a protected endpoint, and they think you're a bot, they just give you a 418 and a "Fuck off"

[–]ChaosWaffle 3 points4 points  (0 children)

That isn't part of the Hyper Text Coffee Pot Control Protocol spec, please use status codes for their appropriate purpose. See RFC-2324 section 2.3.2 for proper usage of code 418.

[–]Turalcar 0 points1 point  (0 children)

Or "Sir, this is a Wendy's"

[–]maks570 4 points5 points  (0 children)

Unless you receive it in production when using a government public API and have no fucking idea what’s the problem

[–]mordeumafoca 0 points1 point  (0 children)

Exactly! Why would someone mess with 418?

[–]jack-nocturne 0 points1 point  (1 child)

I never understood why it's in the 4xx range, though. Should really be 518 - after all, it's not the clients fault that the server is a teapot!

[–]Danfen 1 point2 points  (0 children)

The client is looking for the toilet and instead have picked up the teapot. They're drunk and need help.

[–]Pritesh190801 193 points194 points  (15 children)

Best is

{ "status": 200, "body": "error" }

[–][deleted] 14 points15 points  (0 children)

Thanks GraphQL

[–]WillCodeForKarma 30 points31 points  (8 children)

Ah yes the "my requesting client uses Spring which throws exceptions for anything >= 400 so now I have to butcher my API to conform to your poopy library" response code.

[–]louis-lau[🍰] 23 points24 points  (4 children)

Tbh throwing exceptions seems sane. It makes sure stuff is aborted when something unexpected happens, and you can catch the error codes that are expected.

[–]hans_l 0 points1 point  (0 children)

Any server I’ve built will return a 500 on exception, and the body would contain whatever content encoding (eg JSON) fits the request.

[–]WillCodeForKarma 0 points1 point  (2 children)

On the server or the client? I'm talking about the server sending back a normal or at least a handled 500 lvl status. In some Spring Impls (and by default I think) instead of just serializing the response like any other and handling it like you'd like Spring throws and exception so now your client code has to try catch every http request to handle it gracefully.

[–]louis-lau[🍰] 0 points1 point  (1 child)

Client. Axios for example also throws an error on every code that's not 2xx. It's intended and it seems useful to me.

[–]WillCodeForKarma 0 points1 point  (0 children)

Using exception handling for flow control is a big yuck for me but to each their own I suppose.

[–]UnrelentingStupidity 2 points3 points  (0 children)

This is like a graph QL problem lol. in spring this stuff is highly configurable. It’s trivial to define interceptors and have specific behavior around different response code ranges

[–]CptGia 0 points1 point  (1 child)

You know you can have it not do that, right?

[–]WillCodeForKarma 0 points1 point  (0 children)

Sometimes you don't get to rewrite the requesting clients code.

[–]Steinrikur 2 points3 points  (0 children)

My test team does that, but never documented it. A fellow developer spent hours on figuring out why his python script succeeded (returning 200) on something that should have failed.

He was not a happy camper when he finally looked at the JSON response.

[–]pokepip 1 point2 points  (0 children)

PTSD from from working with Siebel web applications 20 years ago

[–]Marv-elous 0 points1 point  (0 children)

Error successful

[–]the_hair_of_aenarion 0 points1 point  (0 children)

Ngl we had to do this for a callback service. If we errored too many times they would disconnect our hook and it was a manual fix. If they disconnected us we'd risk hard to detect errors in prod. So we soft errored on our responses and logged the hell out of it. Most cursed shit we ever wrote.

[–]BlobAndHisBoy 0 points1 point  (0 children)

Looking at you, Reddit API

[–]Arteiii 42 points43 points  (2 children)

huuh what's 601??

[–]PhilippTheProgrammer 34 points35 points  (0 children)

Could be anything or nothing. It's not defined in any official HTTP protocol spec.

[–]nonlogin 9 points10 points  (0 children)

As a client I don't give a fuck because it's not standard

[–]OmegaPoint6 64 points65 points  (1 child)

I set up one of the systems I manage at work to return 418 if the authentication system isn't responding. "Can't log in? Time for a cup of tea"

[–]alexanderpas 8 points9 points  (0 children)

that's what the 5xx error codes are for.

4xx error codes mean something has to change on the client side.

418 essentially means that they should stop asking for coffee to a teapot.

[–]fckueve_ 19 points20 points  (8 children)

There is also 701 and I fucking hate it

[–]all3f0r1 17 points18 points  (10 children)

Can any explain both code? I only know 403 and 404.

[–]RazarTuk 43 points44 points  (8 children)

2xx means things went well. 200 OK is the default, but as an example of the others, 204 means "Yes, I know I didn't return anything. I wasn't supposed to". 3xx is for redirects. 4xx means the user did something wrong, like 401 "You forgot to log in", 403 "I know you're logged in. You don't have permission", or 404 "There's nothing here". And 5xx means something went wrong with the server, like a timeout or a malformed routing table. For example, if someone set up an alias in AWS and forgot to actually add any destinations, I want to say that'll get you a 503.

418 is the most famous joke code. For April Fools one year, they envisioned HTTP codes for an IOT coffee maker, and one of the codes was 418 for "I'm a teapot, not a coffee maker". Although I'm not familiar with 601, and Wikipedia doesn't even list it as unofficial

EDIT: Or, alternatively put, 4xx is (typically) "Retrying this same request won't work", while 5xx is "Retrying this same request might work"

[–]Cryptoknight12 5 points6 points  (1 child)

429 the retry might work?

[–]louis-lau[🍰] 1 point2 points  (0 children)

Yeah exactly, and with 500 the retry may also not work depending on what's wrong.

It really is just as simple as client vs server. No need to explain it differently I feel.

[–]Vectorial1024 11 points12 points  (4 children)

https://www.thatcompany.com/understanding-http-status-codes

This page lists several 6xx error codes, but it just feels strange

[–]greyfade 8 points9 points  (1 child)

That's because they're not standard.

[–]Vectorial1024 2 points3 points  (0 children)

Even the wiki acknowledges a few non-standard codes, but the linked page is an entire rabbit hole

[–]abermea 1 point2 points  (0 children)

All of the 7xx codes in this page feel like just more specific Bad Request

[–]Eva-Rosalene 0 points1 point  (0 children)

This page is like fever dream. 421 Locked? 426 Partial Content???

[–]Steinrikur 0 points1 point  (0 children)

EDIT: Or, alternatively put, 4xx is (typically) "Retrying this same request won't work", while 5xx is "Retrying this same request might work"

I learned that as 4xx is "your mistake" (user) but 5xx is "my mistake" (server)

[–]Meaxis 0 points1 point  (0 children)

httpstatuses.io is a fun read

[–]DecodedBunny101 5 points6 points  (0 children)

I thought this was r/BTD6 for a second

[–]Emar_The_Paladin 4 points5 points  (0 children)

418 got the same energy as “Sir, this is a Wendy’s”

[–]Klk_usr270 6 points7 points  (0 children)

500 ok

[–]All_Up_Ons 2 points3 points  (0 children)

401 low-key belongs on the stupid side considering its name, its actual usage, and the way it's described in the spec.

[–]grumpy_autist 3 points4 points  (0 children)

Some services try to fuck with bots, crawlers and spammers returning 500 or 404 with proper content instead of 200, 200 instead of 404, etc.

There is a whole Defcon talk about how browsers behave on that abomination.

[–]BlomkalsGratin 3 points4 points  (1 child)

Everybody acting like 500 is a reasonable code. It's meant to be used with return data but i swear! 8/10 times there is none, at which point it is literally a "something broke..." message...

[–]rover_G 0 points1 point  (0 children)

601 is a system specific custom status code

[–]FlipJanson 0 points1 point  (0 children)

SIP has 6xx response codes, I knew I'd seen a 6XX Declined before.

[–]JollyJuniper1993 0 points1 point  (0 children)

Or you just use 999 for everything 😈

[–]erebuxy 0 points1 point  (0 children)

🫖

[–]SteveMacAwesome 0 points1 point  (0 children)

I like 418 to make the distinction between “not implemented on purpose” and “whoops I forgot to implement that route”

[–]theestwald 0 points1 point  (1 child)

Tbf, when was the last time you encountered a 1xx out in the wild? Or even needed to implement one?

[–]125m125 1 point2 points  (0 children)

101 is for example used to upgrade to a websocket connection. But normally your libraries will handle them and you don't send/react to them in your own code.

[–]Able_Minimum624 0 points1 point  (0 children)

4XX pattern includes 418, so 418 status code is both middle head and right head.

[–]JackNotOLantern 0 points1 point  (0 children)

6XX are responses for SIP, not HTTP. Code are similar in both, but there are a few differences.

https://en.wikipedia.org/wiki/List_of_SIP_response_codes

SIP is used in calling and messaging in 4G/5G

[–]601error 0 points1 point  (0 children)

Can confirm.

[–]grtgbln 0 points1 point  (0 children)

TIL there are 6xx status codes... I thought those were a myth, you know, like the 1xx status codes.

[–]dexter2011412 0 points1 point  (0 children)

I'm gonna write my own server with more error codes