Should content be served with a non-200 status?

shadowq

Excuse my ignorance with some of this: I've tried to search but I'm not sure what to search for!

When one of our servers returns a non-200 status, the content is not coming along with it.
For example, if a user tries to log in to Roundcube with an incorrect password, it will redirect to a static "unauthorized" (401) page. On another server, it returns the 401 with the "incorrect login details" data so the Roundcube login page knows what to do with it.
For another example, if a user puts their WP into maintenance mode which makes use of 503 response, it will show a static "server maintenance" (503) page. On another server, it will return the 503 header with the correct maintenance page so that the user knows what's going on.

What am I looking for? Both servers are running nginx_apache. Any help would be appreciated.

Thank you!
 
Hello,



Good question, I would address the same to you 🙂.

I'll try to guess: you are about to customize the default error pages of a webserver. Is that what you are asking about?
Thanks for the reply!
I don’t think it’s the default error pages (unless they can be disabled?). It’s more that an ErrorDocument is being shown when it shouldn’t be. Does that make sense?
 
I'm still trying to understand what you need. Kindly elaborate. Do you want to customize error pages? Do you want to disable custom error pages? Or what?
 
I'm sorry - I'm obviously not explaining myself properly.

I'll explain with a couple of screenshots, using Roundcube as an example. If a user types incorrect credentials into a Roundcube login, I have seen 2 different responses.

1) User enters incorrect details: "Login failed." appears in the bottom right corner, and the user is able to try again
[Screenshot: 1744196583549.png]

2) User enters incorrect details: User is redirected to an "Unauthorized" page. To try again, they must go back to the login page and try again.
[Screenshot: 1744196687592.png]


My understanding is that the first option is the proper option, with the header of 401 being sent but still being handled in a nice way.

Perhaps I'm way-off here, and that's not correct. Thanks in advance!
 
Hello,

In the first example you can see a usage of JavaScript for authentication. Here you can find more details: https://www.freecodecamp.org/news/javascript-post-request-how-to-send-an-http-post-request-in-js/

> My understanding is that the first option is the proper option, with the header of 401 being sent but still being handled in a nice way.

Is it still RoundCube in the second example? Is it RoundCube on the same server? And the same user gets it? Or not?
 
Thanks again for your help in trying to sort this out!

Both examples are RoundCube. We have 3 servers respond with the second example. A previous server used to respond with the first example.

Let me try again: I guess what I'm trying to say is: when PHP is sending an HTTP status code, it looks like something is taking over and showing a generic server page instead of any other page content that it sent with the HTTP status code.

E.g.: if you set a response_code like below, this is what should output, right?
[Screenshot: 1744600699782.png]

However, if I run that on our servers, I get:
[Screenshot: 1744600742623.png]

So what exactly is taking over and sending a generic server-wide page? Does that make sense?
 
> So what exactly is taking over and sending a generic server-wide page? Does that make sense?

For Apache that should be done either in mod_rewrite or by redefining ErrorDocument.

Code:
# Three alternative forms; use one per status code:
# inline text, local URL path, or external URL (sent as a redirect)
ErrorDocument 503 "We'll be back soon!"
ErrorDocument 503 /error.php
ErrorDocument 503 http://error.example.com/server_error.html

But, if you route HTTP/5xx to a PHP script, then Apache/Nginx still might report an HTTP/5xx error in its own default design, in case it cannot get a response from the PHP-FPM socket.
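
A way to confirm which of the two behaviours from this thread a server shows, added here as an example and not posted by anyone in the thread: request a page that returns a non-200 status and check whether the application's own body arrived with it. The marker string, the demo server and its paths are constructed stand-ins; on a real server the marker would be text echoed by a PHP test page that sets the status code.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "APP-BODY-MARKER"  # constructed string the PHP test page would echo
# Direct connection (ignores proxy environment) so we see the server's own answer.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def fetch(url):
    """Return (status, body); urllib raises HTTPError on 4xx/5xx."""
    try:
        with OPENER.open(url, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # The exception is also the response, so the body is still readable.
        return err.code, err.read().decode("utf-8", "replace")

def classify(url, marker=MARKER):
    """Say whether the application's body survived alongside the status."""
    status, body = fetch(url)
    if marker in body:
        return status, "app body preserved"
    return status, ("app body replaced" if status >= 400 else "marker missing")

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the two behaviours described in the thread."""
    PAGES = {
        "/preserved": (503, f"<p>Maintenance {MARKER}</p>"),
        "/replaced": (503, "<h1>503 Service Unavailable</h1>"),
    }
    def do_GET(self):
        status, html = self.PAGES.get(self.path, (404, "not found"))
        data = html.encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args):  # keep the demo quiet
        pass

def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    server, base = start_demo_server()
    for path in ("/preserved", "/replaced"):
        print(path, classify(base + path))
```

If a real server reports "app body replaced", the ErrorDocument lines from the post above are one place to look; nginx's `proxy_intercept_errors` and Apache's `ProxyErrorOverride` are other directives that swap out an upstream error body, though nothing in this thread confirms either as the cause here.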
 