More and more I am seeing the proliferation of decimal style HTTP status codes and I can't seem to find any RFC or other IETF recommendation or even W3C drafts or whatever on this except Microsoft IIS documentation (see https://support.microsoft.com/en-us/kb/943891)
Did Microsoft create these out of thin air? Wouldn't these decimal style status codes choke a lot of network components that might be expecting a whole integer value?
Does anyone know where these decimal status codes come from?
As mentioned in the docs you also linked to:
[...]
IIS 7.0, IIS 7.5, and IIS 8.0 define the following HTTP status codes that indicate a more specific cause of a 400 error:
400.1 - Invalid Destination Header.
400.2 - Invalid Depth Header.
400.3 - Invalid If Header.
[...]
So yes, IIS defines them.
And from Wikipedia, there is this gem:
[...]
The first digit of the status code specifies one of five classes of response; the bare minimum for an HTTP client is that it recognises these five classes. The phrases used are the standard examples, but any human-readable alternative can be provided.
[...]
So it's only mandatory that it starts with a 1-5.
Even if the HTTP client doesn't understand the whole status code, it can still decide what type of response it is:
Update1:
As stated in RCF7231#6:
The status-code element is a three-digit integer code giving the result of the attempt to understand and satisfy the request.
But also:
HTTP status codes are extensible. HTTP clients are not required to understand the meaning of all registered status codes, though such understanding is obviously desirable. However, a client MUST understand the class of any status code, as indicated by the first digit, and treat an unrecognized status code as being equivalent to the x00 status code of that class, with the exception that a recipient MUST NOT cache a response with an unrecognized status code.
For example, if an unrecognized status code of 471 is received by a client, the client can assume that there was something wrong with its request and treat the response as if it had received a 400 (Bad Request) status code. The response message will usually contain a representation that explains the status.
Update2:
Setting a 404.1 header in PHP (although the docs say it only accepts ints)
http_response_code(404.1);
results in a classic 404
So, in conclusion, I take it, clients, when the status code is unrecognized (for instance a 401.4
), transform it into a generic 400
(keeping the status class - 4
and filling with 00
)
Julian's comment above is correct.
IIS defines substatuses to help differentiate cases within the same defined status code for debugging purposes. These aren't sent on the wire in the HTTP response; as others have noted, that's an integer. They may appear in the response entity if configured (by default, only for clients running on the same host), and they're logged in the W3C log under the "sc-substatus" column.
If you're seeing decimal status codes elsewhere (the original question), you'd need to follow up with the source of them. Particularly, if you're seeing them in the HTTP message itself, that's a protocol compliance issue.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With