c# - Why HttpRequestValidationException has 500 http error code instead of 400? -

-

when tested web-app based on mvc5 found httprequestvalidationexception returns 500 gethttpcode().
catch exception during security testing of requests server. mvc performs request validation , throws exception, processed in application_error , got 500 code returned, but, in fact, if user passed wrong input server should return 400 error (bad request). don't understand why exception has 500 error. wrong ?

there 4 reasons why 500 might considered more appropriate.

  1. one isn't clear when httprequestvalidationexception happens did wrong thing. user quite sent incorrect, it's possible server incorrectly rejected fine. considering default behaviour on many requests could malicious, it's probable majority of cases thrown in response non-malicious requests (the user isn't actively trying site harm) fall category. hence either should consider 4xx or 5xx , 5xx assumption (don't blame client when aren't sure it's client's fault).

  2. when happens in non-malicious case needs attention developer, true of 4xx codes (a 404 might need developer-attention because 404 caused bad link on same site, might not). sort of feedback 1 gets 500 responses more appropriate.

  3. the general model asp.net started pretty mapped exceptions 500 responses, make sense lot of time. mvc has (sensibly) replaced more exceptions map other error conditions, httprequestvalidationexception predates mvc.

now points made, can't agree of them. i'd still httprequestvalidationexception means client error , if mis-identified such, still identified such, it's 400.

however, final reason is:

  1. while description of 400 status in rfc 7231 seem quite cover such requests, rfc 7231 published in 2014. httprequestvalidationexception , handling of goes @ least 2003, when rfc 2616 relevant rfc. under description of 400 in rfc, 400 read relating requests actual http message mal-formed. while people did use 400 more catch-all "client did wrong" response, wasn't clear doing correct.

even though gives reason why 500 may have been more appropriate reaction 1.5 years ago, not why should remain. changing though have backwards-compatibility implications may not idea.

still, if given application writing makes conscious use of httprequestvalidationexception (rather overriding entirely own validation uses different approach) it's sensible catch such exceptions , send 400 rather 500.


Comments

Post a Comment

Popular posts from this blog

Hatching array of circles in AutoCAD using c# -

-
i beginner in autocad plugins .i have created array of circle using following code. now, have hatch circles in array .how that??how hatch circles @ once? moreover, how can return hatch method , use hatch objects.sorry language.thanks in advance. [assembly: commandclass(typeof(beamsection.class1))] namespace beamsection { public class class1 { //class1 obj = new class1(); [commandmethod("beamatsupport")] public void addlightweightpolyline() { // current document , database document acdoc = application.documentmanager.mdiactivedocument; database accurdb = acdoc.database; promptpointresult ppr = acdoc.editor.getpoint("\nselect starting point "); var ucs = acdoc.editor.currentusercoordinatesystem; point3d startingpt = ppr.value.transformby(ucs); list<double> radius = new list<double>(); radius.add(0.5);
Read more

ios - UITEXTFIELD InputView Uipicker not working in swift -

-
hello trying pop uipickerview view programmatically when user clicks on textfield. have tried doesn't doing anything. isn't working. nothing happening when click textfield class userprofiletableviewcontroller: uitableviewcontroller,uitextfielddelegate,uipickerviewdelegate,uipickerviewdatasource { var itempicker: uipickerview! = uipickerview() @iboutlet weak var gendertxtfield: uitextfield! var gender = ["male","female"] override func viewdidload() { super.viewdidload() gendertxtfield.delegate = self itempicker!.delegate = self itempicker!.datasource = self itempicker!.backgroundcolor = uicolor.blackcolor() self.gendertxtfield.inputview = itempicker } func numberofcomponentsinpickerview(pickerview: uipickerview) -> int{ return 1 } // returns # of rows in each component.. func pickerview(pickerview: uipickerview, numberofrowsincomponent component:
Read more

Python Pig Latin Translator -

-
so have been working on @ codecademy.com while trying learn python. don't know if blind , can't see why won't work or what. here's code won't let me use. function print variable if had typed in , print "empty" if didn't type anything. print "welcome english pig latin translator!" original = raw_input("what's name?") if len(original) > 0 print original else print "empty" if len(original) > 0 else the above lines contains syntax errors. try: if len(original) > 0: else: note added colons, ( : ).
Read more