52
devios1
7y

HTTP 200 responses on failures… 😒

Comments
  • 5
    Sounds like the princess is in another castle.
  • 0
    Check your erro_logs
  • 1
    @electrode It's not my API.
  • 0
    So basically a 200 when it should be 500
  • 5
    @filthyranter Not necessarily 500, but when you send a message to an API and it returns 200 along with an error message… that really grinds my gears.
  • 3
    Some sites use it to stop some automated bots (that are designed to find exploitable flaws in a site) that are searching for a 500 error code. However chances are this sites Dev is lazy
  • 1
    First of all, I disagree with that, but it is pretty filthy trick. And second of all, it should be a 400 series error in this case since I was providing bad input.
  • 2
    Even if you're trying to hide server errors, at least return something that is technically an error code, like a 404 or something. Don't return success.
  • 0
    @devios1 but a 404 status code would be completely misleading
  • 1
    @Admim More misleading than a 200?? 😂😂
  • 1
    And isn't that the point? To mislead bots?
  • 2
    I had this with Django. I kept getting 200 (but the actual page showed a 403) instead of 403. Then magically it started working properly, I still don't understand why.
  • 2
    Personally, I don't mind much getting 200s provided they provide a boolean success.

    if (response.success) {
    console.log('✓');
    } else {
    console.log('✘');
    }

    It's easy enough to understand and as and when you refactor to use more semantic status codes it's easily split into

    .then(
    function success(response) {
    console.log(response.message);
    },
    function error(response) {
    console.log(response.message);
    }
    );
  • 1
    That's terrible practice.
  • 2
    I mean, I get that this is a part of REST, but they nailed it and we absolutely should adopt that standard everywhere. Even if it's just a generic 400 Bad Request. It conveys that the error is on the client side in a universally understood way.
  • 0
    I'm working on a project where django rest framework's create function was overwritten to give a hardcoded 200. You could check that?
  • 3
    "Error 200"
Add Comment