Correct response code for wrong request type - ajax

Which HTTP response code best notifies a user that for an API only AJAX and POST are accepted?
For example, I have a controller that will only allow AJAX requests, and these must be POST and not GET.
So if an end user was to request using GET, or POST using non-AJAX, they should get a response to indicate this is not allowed.
Would either of these be the best response for this:
400
403
405

400 - Bad Request, 405 - Method Not Allowed
I think yours is 405. 403 is Forbidden, regarding access permissions, not format or method. Bad Request could be a combination of forbidden parameters.

HTTP doesn't have a status code to distinguish between requests initiated by XMLHttpRequest (you call it AJAX) and requests made by any other HTTP client or directly by the browser.
I guess that by non-AJAX request you mean a request that is made directly by putting a URL into the browser (or by clicking on a link). It means that the browser performs a GET request.
HTTP allows you to specify the set of allowed HTTP methods for a particular resource.
To fulfil your use case you just need a status code which allows you to specify that just the POST method is allowed.
405 - Method Not Allowed
The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.6
Practically it means that your server will return 405 for GET, PUT, DELETE methods.
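As an added illustration of the answer above (example code, not from the question or any answer): a minimal WSGI endpoint that accepts only POST and answers every other method with 405 plus the Allow header that RFC 2616 requires. HTTP itself cannot tell an XMLHttpRequest apart from any other client; the X-Requested-With check is a common JavaScript-library convention and is an assumption of this example, not something HTTP defines.

```python
# Added example, not part of the original page: POST-only endpoint that
# returns 405 + Allow for any other method, per RFC 2616 section 10.4.6.
from wsgiref.simple_server import make_server
from wsgiref.util import setup_testing_defaults

ALLOWED_METHODS = ("POST",)
STATUS_TEXT = {200: "200 OK", 400: "400 Bad Request",
               405: "405 Method Not Allowed"}

def decide(method, headers):
    """Return (status_code, extra_headers) for a request to the endpoint."""
    if method.upper() not in ALLOWED_METHODS:
        # A 405 response MUST carry Allow listing the valid methods.
        return 405, [("Allow", ", ".join(ALLOWED_METHODS))]
    # Assumption/convention only: XMLHttpRequest-based clients commonly send
    # this header; HTTP has no standard way to mark an "AJAX" request.
    if headers.get("X-Requested-With", "").lower() != "xmlhttprequest":
        return 400, []
    return 200, []

def app(environ, start_response):
    # WSGI exposes request headers as HTTP_<NAME> keys in environ.
    headers = {k[5:].replace("_", "-").title(): v
               for k, v in environ.items() if k.startswith("HTTP_")}
    code, extra = decide(environ["REQUEST_METHOD"], headers)
    start_response(STATUS_TEXT[code],
                   [("Content-Type", "text/plain")] + extra)
    return [STATUS_TEXT[code].encode()]

def call(method, extra_environ=None):
    """Drive the app in-process (no socket); return (status, header dict)."""
    environ = {"REQUEST_METHOD": method}
    environ.update(extra_environ or {})
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    result = {}
    def start_response(status, headers, exc_info=None):
        result["status"], result["headers"] = status, headers
    b"".join(app(environ, start_response))
    return result["status"], dict(result["headers"])

if __name__ == "__main__":
    print(call("GET"))   # ('405 Method Not Allowed', {... 'Allow': 'POST'})
    make_server("127.0.0.1", 8080, app).serve_forever()
```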

Related

JMeter view results tree requests showing error

Why is this second request happening (Request2-1) here and how to solve it?
Your request is redirected and there is no permission to access the resource.
The HTTP 403 Forbidden client error status response code indicates that the server understands the request but refuses to authorize it.
Please check the request details in the view result tree by clicking Request->Request Body and Request->Request Headers
You need to ensure that the request is permitted.
Most probably the resources you're trying to access require authentication and you're not supplying a valid authentication context.
If you do, HTTP Status Code 403 means that the user is not allowed to access the endpoint.
See the How to use JMeter for Login Authentication article for more information on bypassing the login challenge in JMeter tests.
If "Follow Redirects" is selected in HTTP Request, it will follow the redirects and groups each redirect under the original request as in the image you posted.
Some APIs can redirect, this is normal. Response failure is caused by the request content sent. Check the parameters and body values you sent.

Web-api :-The requested resource does not support HTTP method 'POST' - Angular5

I can GET and POST from my Login apiController (so I can login/signup etc) but I can only GET from an API Controller in an area I have created. I get a 405 (Method Not Allowed)
Check the file you are posting to. Certain web servers, nginx for example, return a 405 if you POST to a static file. It's possible that IIS won't accept POST if there is no data payload.
See if your parameters are actually in the data/post part of the request. If your login parameters are in the URL query string, it's still a GET even though your method claims to be a POST. The server might reject empty POST requests.

Response Data for "GET Method"

I am creating different HTTP Requests for a site and taking an access token as a variable from Regular Expression Extractor and using it in another HTTP Request.
The Thread Group is working fine, i.e. no error in View Results Tree. But response data is only coming for the request with the POST method. Nothing is coming for the request with the GET method, and both requests are taking the access token properly.
In some cases you may get response code 200 OK and the request may still fail. In the case of your GET request that seems to be happening.
Check following:
Headers being sent with the GET request. (Compare the request being sent from JMeter and from a real browser.)
Add a response assertion to the GET request to ensure the correctness of the response. (Check what response you get for the request made from the browser.)
Make sure you have added cookie manager in the test plan.

Http status code for bad params in post request

I have a server in which the client can register itself as a device (like a mobile device). For the registration, the device must be associated with another resource (say a user) which is already registered on the server. To do that, the client sends an HTTP POST request to the server, with two params, its own ID and the associated resource ID.
I need to choose an HTTP status code to return when the client asks the server to do some procedure and one of the resources indicated in the parameters is not found.
I suggested 404, but my professor said that 404 is used when the resource associated with the URI is not found, not when you submit a well-formed request with bad parameters.
What is the most suitable HTTP status and why would you choose it?
In my opinion, it fits to:
400 - Bad Request
The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
OR
403 - Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.
Ref: RFC 2616
I would use 403 'Forbidden', meaning you are forbidden from accessing the page with the request you have sent.

Designing RESTful OData APIs: how to act when the result set is empty? 404 or {}?

I'm building an OData compliant API using ASP.NET WebAPI.
Got a question about how it should behave when a $filter has no results.
Should it return an empty collection, or send an HTTP 404 response?
Any ideas/reasoning? I'm biased towards returning an empty collection, but would it violate a recommended practice?
Given you are not directly addressing an individual resource at a specific known Request-URI (e.g. /resource/{uid}) and your collection is also a known addressable Request-URI (e.g. /resource), then a 404 would be inappropriate.
An empty collection is what I would expect if I was consuming your API.
Stick to the OData specification 3.0:
9.1.1. 200 OK Response Code
A GET, PUT, MERGE, or PATCH request MAY return 200 OK if the operation is completed successfully. In this case, the response body MUST contain the value of the entity or property specified in the request URL.
9.2.1. 404 Not Found Response Code
If the entity or collection specified by the request URL does not exist, the service SHOULD respond with 404 Not Found and an empty response body.
or, even more precisely, in the OData specification 4.0:
9.1.1 Response Code 200 OK
A request that does not create a resource returns 200 OK if it is completed successfully and the value of the resource is not null. In this case, the response body MUST contain the value of the resource specified in the request URL.
9.2.1 Response Code 404 Not Found
404 Not Found indicates that the resource specified by the request URL does not exist. The response body MAY provide additional information.
I do not think HTTP 404 should be used. The code is used to indicate a reference to a non-existing resource.
The HTTP code 204 (No Content) might be a better choice than 404. But an empty collection is a better idea because it would make it easier to use the API.