
The 400 series implies that there was an error on the client side, when there clearly isn't one. The client has made a valid request that a middleman refuses to honor.

This better fits into the 300 series as a permanent addition.



300s are about telling the client where to really find the content.

400 is about an error the client may be able to do something about (e.g. log in, move to a new country).

500 is about something going wrong on the server that you have no control over at all.

This belongs in the 400 range and, as such, using the symbolic 451 is not only OK, it is a great idea.


Following your description I'd put it in the 500 range.


But it's conceivable it could be related to you. "I'm sorry, this content is not viewable by non-<insert group of choice>" or "You are on the Anonymous watch list". That makes it a client error.

In the end, many times the response codes are murky. I'm very comfortable with it being a 4xx; you'd put it somewhere else. The working group will hash it out and we'll use what they say. shrug


Would you also put 403 in the 500 range?


Isn't it quite close to both 403 Forbidden, "request was a legal request, but the server is refusing to respond to it" and 401 Unauthorized? And now it's on the Wikipedia http://en.wikipedia.org/wiki/HTTP_status_codes, and that equates with being approved, right?


TIL Microsoft uses 450 for parental control. And now 451 for legal censorship. Perhaps we could use the 450-459 range to signify various censorship scenarios. The 450s are also a nice middle ground between 400s and 500s.


The argument against 403 is that the server might not get to the resource at all, so it doesn't get a chance to refuse the response. A router with filtering capabilities might also terminate the connection and return 451 if the target server is censored and won't be reached. (Whether that's practically likely to happen—e.g., at the Great Firewall, or for ICE seizures—is a different matter entirely.)


300s indicate that client must take a follow-up action to fulfill the request. This would be misleading as the request is denied permanently.

Further, the closest match among the currently implemented statuses is a 403. As per the "Acknowledgements" section:

Thanks to Terence Eden, whose blog observed that the existing status code 403 was not really suitable for this situation, and suggested the creation of a new status code.


Fill out a petition? :)


The client's 'error' was in requesting an illegal document.

Anyway, status code 451 was picked for a particular reason.


Propaganda is a poor excuse for a technical decision. Such decisions should be made on a rational basis, not because someone got their feelings bent out of shape or for political reasons.

Yes, I understand the rationale. I agree that there needs to be a code to denote "Access denied due to legal reasons". But I also know that personal is not the same as important, and in this case, a decision is being made that we'll be stuck with for quite some time to come and the choice of the code is purely a propaganda play.

At any rate, the client has not made an error. The client is the requesting entity (i.e., browser or other program). The client in the error message does not refer to the potential human that may have caused the client to initiate the request.

Unless you can magically plug an ethernet connection into your mouth and spew http requests.


Assuming you know what you are talking about, do you mind if I restate your argument?

A 500 means the server is doing the wrong thing. You are suggesting that a server which blocks illegal requests is broken.

If you think servers should block illegal requests, then a 403 (Forbidden - The server understood the request, but is refusing to fulfil it) would have been most appropriate, but a new 4XX is useful given the prevalence of things like DMCA and censorship.

But since censorship is a bug, then a 5XX is more appropriate.

You could jokingly suggest a 305 redirect (Use Proxy), but technically it might not work (the proxy could get blocked too, or the server would get in trouble).


> You are suggesting that a server which blocks illegal requests is broken.

What? I suggested no such thing. What I am suggesting (if you read up the comments) is that a middleman has made the error and thus it is incumbent on that middleman to return a proper error of "Access denied for legal reasons".

If you use the 451 error to denote censorship, what code do you use when access is denied for a legitimate legal reason?

* broken multitasking - accidentally inserted political for legal in the last sentence.


>What? I suggested no such thing. What I am suggesting (if you read up the comments) is that a middleman has made the error and thus it is incumbent on that middleman to return a proper error of "Access denied for legal reasons".

1) There isn't necessarily a middleman. A server can self-censor in order to obey the law and return a 451.

2) A censoring firewall that blocks content is doing precisely what it's supposed to do, and returning a 4xx code keeps it in line with HTTP. It is not an error.

>If you use the 451 error to denote censorship, what code do you use when access is denied for a legitimate legal reason?

I don't think it's up to HTTP to distinguish between censorship and other kinds of laws (or more broadly, other government directives). Censorship that happens because of non-legal reasons (e.g. the website admin doesn't want to serve a resource due to personal beliefs) should just be a 403.

>At any rate, the client has not made an error. The client is the requesting entity (i.e., browser or other program). The client in the error message does not refer to the potential human that may have caused the client to initiate the request.

Typing google.com/asdfhjk in the address bar yields a 404, even though the error is clearly with the human, not the browser.


> I don't think it's up to HTTP to distinguish between censorship and other kinds of laws

Yet, that's what's happening with the 451 error code. This is clearly aimed at government censorship - what the writer considers the wrong kind.

> Typing google.com/asdfhjk ...

Unless I'm mistaken, "client" means the browser, not the person operating the browser.

---

RFC2616 states that a client is a program that establishes connections for the purpose of sending requests.


>Yet, that's what's happening with the 451 error code. This is clearly aimed at government censorship - what the writer considers the wrong kind.

I'm not sure I agree. While the author may have a certain connotation in mind, "not available for legal reasons" is a simple statement of fact that can be useful for the user, regardless of whether it was a "good" or an "evil" law.

>Unless I'm mistaken, "client" means the browser, not the person operating the browser.

So it shouldn't return a 404? Are you proposing the use of 6xx codes for user error, and keep 4xx for purely client errors? How can the server distinguish between a browser and somebody using telnet? What if another program is performing automated clicks in a browser and navigates to google.com/asdfhjk?

I believe the "client" is "everything on the other end of the tcp connection."


It's very rare for the specs to distinguish between user errors and client errors.

It's also rare for it to distinguish between origin server errors, and gateway server errors.


3xx is the server telling the client to do something.

4xx is the server telling the client about the world. 5xx is the server telling the client about itself.


401 Unauthorized, 402 Payment Required, 403 Forbidden, 410 Gone are all 4xx error codes. I could see an argument for just using 305...



