HTTP 200 responses on failures… 😒

Sounds like the princess is in another castle.

Check your erro_logs

@electrode It's not my API.

So basically a 200 when it should be 500

@filthyranter Not necessarily 500, but when you send a message to an API and it returns 200 along with an error message… that really grinds my gears.

Some sites use it to stop some automated bots (that are designed to find exploitable flaws in a site) that are searching for a 500 error code. However chances are this sites Dev is lazy

First of all, I disagree with that, but it is pretty filthy trick. And second of all, it should be a 400 series error in this case since I was providing bad input.

Even if you're trying to hide server errors, at least return something that is technically an error code, like a 404 or something. Don't return success.

@devios1 but a 404 status code would be completely misleading

@Admim More misleading than a 200?? 😂😂

And isn't that the point? To mislead bots?

I had this with Django. I kept getting 200 (but the actual page showed a 403) instead of 403. Then magically it started working properly, I still don't understand why.

Personally, I don't mind much getting 200s provided they provide a boolean success.

if (response.success) {
console.log('✓');
} else {
console.log('✘');
}

It's easy enough to understand and as and when you refactor to use more semantic status codes it's easily split into

.then(
function success(response) {
console.log(response.message);
},
function error(response) {
console.log(response.message);
}
);

That's terrible practice.

I mean, I get that this is a part of REST, but they nailed it and we absolutely should adopt that standard everywhere. Even if it's just a generic 400 Bad Request. It conveys that the error is on the client side in a universally understood way.

I'm working on a project where django rest framework's create function was overwritten to give a hardcoded 200. You could check that?

"Error 200"