Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> The use of the 451 status code implies neither the existence nor non-existence of the resource named in the request.

If something didn't exist at all, why would I send a 451?

> The 451 status code is optional; clients cannot rely upon its use

So... everybody can ignore 451?



requesting info on a real, existing user on illegal-in-USA.ru

    -> GET /users/real-user-name HTTP/1.1 Host: illegal-in-USA.ru
    <- HTTP/1.1 451 Unavailable For Legal Reasons
requesting info on a fake, nonexistent user on illegal-in-USA.ru

    -> GET /users/no-such-user HTTP/1.1 Host: illegal-in-USA.ru
    <- HTTP/1.1 451 Unavailable For Legal Reasons
If the .ru site sent 404s for nonexistent users and 451s for real ones, you'd be able to gather potentially useful information. It's like if I go to bad-porn.com and type your email into "forgot my password", it should neither confirm nor deny the existence of your account, simply tell me the request was received. In any event if delivery of the requested resource is legally prohibited, why would I go to the trouble to determine whether the resource exists?

A final analogy: 10 year old enters US gas station: "Have you Marlboro 100s, menthol?" gas station attendant (without checking whether or not he has this particular brand/style of cigarette): "get out of here, kid. [HTTP/1.1 451 Unavailable For Legal Reasons]."


> If something didn't exist at all, why would I send a 451?

You just don't acknowledge the existence.

> So... everybody can ignore 451?

The status code is optional in the sense that you don't have to use it if a resource is unavailable for legal reasons. You can use it if you want to inform the user what exactly is going on.


>You can use it if you want to inform the user what exactly is going on.

That's exactly the purpose.

>The 4xx class of status code is intended for cases in which the client seems to have erred. Except when responding to a HEAD request, the server SHOULD include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User agents SHOULD display any included entity to the user.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html


If you're trying to "hide" something on the web, there's 401 Unauthorized and 404 Not found. If you cannot acknowledge the existence of a resource, either of these status codes would be fine. If, however, you feel the need to correctly communicate that a resource is legally unavailable (whether or not it exists), then 451 is an alternative.

But, no one ever said status codes had to tell the truth.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: