oasis-tcs / cti-taxii2

OASIS CTI TC: An official CTI TC repository for TAXII 2 work
https://github.com/oasis-tcs/cti-taxii2

GET /status/<id> should be allowed to return HTTP response code 406 (Not Applicable) #32

Closed JasonKeirstead closed 5 years ago

JasonKeirstead commented 6 years ago

TAXII 2 defined this //status// endpoint that allows one to poll for status of adding objects to a collection, to allow for cases when adding to a collection might be an asynchronous task.

However, due to how the spec is ambiguously worded, it is unclear to the implementer what they are supposed to respond to this endpoint if they process inserts immediately.

The only thing the spec says is "TAXII Servers SHOULD provide status messages at this Endpoint while the request is in progress until at least 24 hours after it has been marked completed." - that statement is basically meaningless without more information as to what should be replied to a request for status that was immediately fulfilled, because the only allowed response code is 404 "Not found".

varnerac commented 6 years ago

IMO, it should be a 404. The resource is the status, and a status could not be found.

406 is "Not Acceptable" and is specific to Accept headers:

RFC2616:

The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.

The lack of a status has nothing to do with the Accept headers.

jordan2175 commented 5 years ago

I have proposed the following text:

If the POST was processed synchronously then the server MUST return an HTTP status of 404 (Not Found).

jordan2175 commented 5 years ago

The text we ended up with is:

TAXII Servers SHOULD accept queries for a given status ID for at least 24 hours after the server has finished processing the request. Once a TAXII client receives a status resource where the status value is complete for a given status ID it SHOULD never pull for that status ID again. If the TAXII Server receives a request on the status endpoint for a status ID that is no longer available, the server MUST return an HTTP status of 404 (Not Found).
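
The behaviour in the final text above, sketched as an added example that is not part of the thread or of any TAXII implementation: a server-side store that answers status queries for 24 hours after completion and then returns 404, and a client loop that stops polling on `complete` or 404. The names `StatusStore` and `poll_until_done`, the in-memory storage, the injected clock and the `pending` status value are assumptions made for illustration.

```python
import time

RETENTION_SECONDS = 24 * 60 * 60  # "at least 24 hours" from the agreed text


class StatusStore:
    """In-memory stand-in for a server's status endpoint (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._records = {}  # status_id -> [status resource, completion time or None]

    def create(self, status_id):
        self._records[status_id] = [{"id": status_id, "status": "pending"}, None]

    def complete(self, status_id):
        record = self._records[status_id]
        record[0]["status"] = "complete"
        record[1] = self._clock()

    def get(self, status_id):
        """Return (http_code, body) as a GET on the status endpoint would."""
        record = self._records.get(status_id)
        if record is None:
            return 404, None  # unknown or no longer available
        resource, finished_at = record
        if finished_at is not None and self._clock() - finished_at > RETENTION_SECONDS:
            del self._records[status_id]  # retention window has passed
            return 404, None
        return 200, dict(resource)


def poll_until_done(fetch, status_id, max_polls=10, wait=lambda: None):
    """Client side: stop on 'complete' or 404 and do not query that ID again."""
    for attempt in range(1, max_polls + 1):
        code, body = fetch(status_id)
        if code == 404:
            return "unavailable", attempt
        if code == 200 and body["status"] == "complete":
            return "complete", attempt
        wait()  # back off before the next poll
    return "pending", max_polls
```

Treating 404 as a terminal result on the client keeps a poller from retrying indefinitely against a status ID the server has already expired.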