
HTTP status code for unsupported browser

Which HTTP status code would you return to indicate an unsupported browser? I've looked through the 4xx (client error) codes but none seem to fit.

Yarin asked Nov 05 '13 18:11




2 Answers

400 (bad/malformed request) is the only one that fits... somewhat

Tony answered Oct 24 '22 07:10


403 Forbidden is the most appropriate.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4 says:

The server understood the request, but is refusing to fulfill it.

400 Bad Request is not a good fit because it implies the request itself is malformed, which is probably not true.

If you are building a website, however, it is not a good practice to forbid specific web browsers in this way. Try to build a website that is compliant with all the browsers used by your audience. If you are building an HTTP API, then that's a different story, and you should use a secure mechanism for authorizing clients. If that's what you need, consider OAuth.

EDIT July 2015: The newer RFC 7231 elaborates its explanation of 403, making it more clear that it is okay to use even when it is not a credential authorization issue.

https://www.rfc-editor.org/rfc/rfc7231#section-6.5.3 (bold added by me):

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).

If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.

Andre D answered Oct 24 '22 06:10
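The 403-with-a-reason behaviour quoted from RFC 7231 above, as an added example that is not part of either answer: a minimal WSGI app that refuses one browser family and states why in the response payload. The policy (Internet Explorer below version 9), the names `MIN_MSIE`, `unsupported_reason`, `app` and `call`, and the sample User-Agent strings are assumptions constructed for illustration.

```python
import re
from wsgiref.util import setup_testing_defaults

# Hypothetical policy for this example: refuse Internet Explorer below version 9.
MIN_MSIE = 9
_MSIE = re.compile(r"MSIE (\d+)\.")

def unsupported_reason(user_agent):
    """Return a human-readable reason if the browser is refused, else None."""
    m = _MSIE.search(user_agent or "")
    if m and int(m.group(1)) < MIN_MSIE:
        return (f"Internet Explorer {m.group(1)} is not supported; "
                f"version {MIN_MSIE} or later is required.")
    return None

def app(environ, start_response):
    # User-Agent is client-supplied and trivially changed, so this is a
    # compatibility notice only. It is not an access control for an API.
    reason = unsupported_reason(environ.get("HTTP_USER_AGENT"))
    status = "403 Forbidden" if reason else "200 OK"
    body = ((reason or "ok") + "\n").encode("utf-8")
    headers = [
        ("Content-Type", "text/plain; charset=utf-8"),
        ("Content-Length", str(len(body))),
        # The response depends on User-Agent, so tell caches to key on it.
        ("Vary", "User-Agent"),
    ]
    if reason:
        # Keep the refusal from being stored and replayed to other clients.
        headers.append(("Cache-Control", "no-store"))
    start_response(status, headers)
    return [body]

def call(user_agent):
    """Drive the app in-process with a constructed request."""
    environ = {}
    setup_testing_defaults(environ)  # fills in the required WSGI keys
    if user_agent is not None:
        environ["HTTP_USER_AGENT"] = user_agent
    captured = {}
    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body
```
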