Home > Net >  What's the proper HTTP error code to use when request is missing origin header?
What's the proper HTTP error code to use when request is missing origin header?

Time:04-04

I am designing an API and a requirement to access some endpoints is the Origin header must be set in the request. I am rejecting requests that either (a) are missing the header altogether or (b) are sending requests from an origin that is not in a specified white/allowlist.

When I reject requests that do not meet these criteria, what is the correct HTTP error code to use? I initially thought 401 or 403, but there's not any true authentication/authorization issue in these cases. 400 feels too generic. Is there a code more specific to this scenario?

CodePudding user response:

The 400 may feel "too generic" but I think it's for this exact scenario where you are rejecting incomplete or otherwise bad requests.

Page link:https//www.codepudding.com/net/359451.html

Prev:Python - Web directory file names return blank (Requests & BeautifulSoup)
Next:Working on ArrayList in Java, I'm not sure why the loop isn't working
  •  Tags:  
    • http
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding