Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the best HTTP status code for blocked user profile in rails api?

Tags:

http

ruby-on-rails

api

I wrote an API for social app in Rails. This app likes Facebook, users can block other users. If user A block user B, user B can't view profile page of user A. So what is the best HTTP code status I should return: 404, 403, 204 or 200(render nothing) ?

like image 783
babie Avatar asked Dec 26 '16 14:12

babie

People also ask

What is a 402 error code?

The HTTP 402 Payment Required is a nonstandard response status code that is reserved for future use. This status code was created to enable digital cash or (micro) payment systems and would indicate that the requested content is not available until the client makes a payment.

What is HTTP status code1?

Prevailing theory is that the status is set to null and the statuscode set to -1 when the response object is constructed, and then something happens to the connection that means the request doesn't complete, so these defaults are never overwritten with real values.

What does the HTTP status code of 200 represent?

The HTTP 200 OK success status response code indicates that the request has succeeded. A 200 response is cacheable by default. The meaning of a success depends on the HTTP request method: GET : The resource has been fetched and is transmitted in the message body.

2 Answers

I much prefer to use 403 Forbidden

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).

If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.

An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).

https://www.rfc-editor.org/rfc/rfc7231#section-6.5.3

like image 117
Alex Kojin Avatar answered Oct 14 '22 04:10

Alex Kojin

A best practice for this is 403, however doing so will expose the fact that user has been blocked. If you don't want that, you can return 404. Github, as an example, for unauthorized access to private repos always returns 404.

like image 35
Nikita Misharin Avatar answered Oct 14 '22 03:10

Nikita Misharin
Sign in to Comment

Related questions

Ruby on Rails and jeditable (jquery)
How to create a zip archive using Ruby on Rails?
Best IP to Location for Ruby on Rails
Where do you put your rails app on your server? What User do you deploy with?
Rails 3: Simple AJAXy Page updates?
How to organize a Rails App
Rails+javascript - image preview before upload
understanding rails routes: match vs root in routes.rb
Start rails development environment on android
Cannot override Devise passwords controller
has_one through and polymorphic associations over multi-table inheritance
Creating multiple nested forms using simple_form and rails 4
Why are my font awesome icons disappearing on page loading?
How to force Rails ActiveRecord to commit a transaction flush
Rails Mailer Best Practice - controller or after_create callback? [closed]
How to work with rails form and jsonb postgres
Rails session not persisting after redirects
Rails: Performance issue with joining of records
How do you test a dummy rails app when writing a gem?
Add computable column to multi-table select clause with eager_load in Ruby on Rails Activerecord

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!