steve-bate
commented
1 month ago I think this will be controversial, but I'll hold off on more comments until there's more community feedback. I could be wrong.
Claiming that 404 NOT FOUND should always be used for a well-formed request without an account behind it is debatable. For example, 410 GONE could be a possibility if the request is for a prior account that has been moved or deleted. Or maybe 403 FORBIDDEN ("The server understood the request, but is refusing to fulfill it.") might be used for some obscure reason (e.g., not wanting to expose if the resource exists or not). In any case, I do agree that 400 BAD REQUEST is not correct for the Mastodon response when the request is well-formed. However, I've never heard of Mastodon's 400 status code causing a problem.
For future reference, this is the Mastodon code (webfinger_resource.rb):
def username
case resource
when %r{\A(https?://)?#{instance_actor_regexp}/?\Z}
Rails.configuration.x.local_domain
when /\Ahttps?/i
username_from_url
when /@/
username_from_acct
else
raise InvalidRequest
end
end
jernst
I think the status codes in the tests are correct. I have added some notes to index-annost.html to that effect.
See #56, #61.