bower / registry

The Bower registry
https://registry.bower.io/packages
MIT License

403 is inappropriate status code for duplicates #142

Closed NikolaySl closed 9 years ago

NikolaySl commented 9 years ago

https://github.com/bower/registry/blob/master/lib/routes/packages.js#L161

According to the HTTP spec (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4), 403 means that "the server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated."

But the application can fulfill the request if the user modifies the request parameter value. The 409 or 400 should be used here.

sheerun commented 9 years ago

It's actually an appropriate code, because exactly the same request shouldn't be repeated. It should be sent again with different parameters. Even if it was wrong, unfortunately it's not worth the time to change it now.

NikolaySl commented 9 years ago

The "409 Conflict" gives more info - "The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request."

Also, 403 is widely associated with authorization errors - https://en.wikipedia.org/wiki/HTTP_403

sheerun commented 9 years ago

This change also requires changes in a few packages that bower uses (like bower-registry-client) and can break existing integrations with the API. It's simply not worth changing it now, if the gain is only better semantics. Thank you for the suggestion, though. We can use this error code for the 2.0 version of the API.