On 10/25/12 7:37 AM, Joe Hourcle wrote:

> You didn't answer the question -- why would you not have some sort of
> check on the AJAX application (or any application, web or otherwise)
> to do at least minimal sanity checking on the result of an external
> call?

Because putting the onus of sanity checking on the web page isn't the
best solution in this case. Of course, it should be set up to handle
unexpected results sensibly in any case.

> In the case of something requiring authentication, if it's a well
> designed back-end, it should return some HTTP status other than 200;
> 401 or 403 would be most appropriate.  I've unfortunately worked with
> ColdFusion in the early days before they added <cfheader> to allow you
> to change the status code so that it was something other than 200.

Which is exactly the point I was about to make before I read your second
paragraph; the server, not the web page, should be fixed up to make
things work sensibly.

> I've also seen websites that cheat to install a 'handler' for all
> requests by linking to a PHP script using Apache's 404 ErrorHandler
> directive.  This also has the side effect that search engines won't
> index your site at all (as they assume it's all errors)
> 
> In both of these cases, I'd say the service is poorly designed if you
> can't easily identify a failure.  You can send a login page along with
> your 401 status, but you *should* *not* send a 30x redirect to a login
> page, as then the actual status message is lost.  (the content hasn't
> been moved ... you just want someone to go to the login page ... the
> HTTP specs don't forbid a Location field w/ a 40x status, although I
> admit I've never verified that major browsers support it)

I think we're in agreement here.


-- 
Gary McGath, Professional Software Developer   http://www.garymcgath.com
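
The point both posters agree on, as an added example that is not part of the original thread: a simulated AJAX call against a back-end that redirects unauthenticated requests to a login page, and against one that returns 401 with the login page as the body. The back-end functions, the paths and the redirect-following helper are constructed for illustration; the helper only mimics the way XMLHttpRequest follows 30x responses before the script sees anything.

```javascript
// Constructed back-ends: each maps (path, authed) to {status, headers, body}.
const LOGIN_HTML = '<html><form action="/login">...</form></html>';
const JSON_OK = { status: 200, headers: { 'content-type': 'application/json' }, body: '{"items":[1,2]}' };

// Weak design: unauthenticated API calls get a 302 to the login page.
function redirectBackend(path, authed) {
  if (path === '/login') return { status: 200, headers: { 'content-type': 'text/html' }, body: LOGIN_HTML };
  if (!authed) return { status: 302, headers: { location: '/login' }, body: '' };
  return JSON_OK;
}

// Design argued for in the thread: 401 status, login page sent as the body.
function statusBackend(path, authed) {
  if (!authed) return { status: 401, headers: { 'content-type': 'text/html' }, body: LOGIN_HTML };
  return JSON_OK;
}

// Mimics transparent redirect following: the caller sees only the final response.
function ajaxGet(backend, path, authed, maxHops = 5) {
  let res = backend(path, authed);
  for (let hops = 0; res.status >= 300 && res.status < 400 && res.headers.location; hops++) {
    if (hops >= maxHops) throw new Error('redirect loop');
    res = backend(res.headers.location, authed);
  }
  return res;
}

// Minimal client-side sanity check: status first, then content type, then parse.
function checkApiResult(res) {
  if (res.status === 401 || res.status === 403) return { ok: false, reason: 'auth' };
  if (res.status < 200 || res.status >= 300) return { ok: false, reason: 'http-' + res.status };
  const type = (res.headers['content-type'] || '').split(';')[0].trim();
  if (type !== 'application/json') return { ok: false, reason: 'unexpected-type' };
  try {
    return { ok: true, data: JSON.parse(res.body) };
  } catch (e) {
    return { ok: false, reason: 'bad-json' };
  }
}
```

With the redirecting back-end the script receives status 200 and login HTML, so only the content-type check catches the failure and the reason (authentication) is lost; with the 401 back-end the status alone identifies it.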