Should content be served with a non-200 status?

S

shadowq

Verified User
Joined
Dec 5, 2010
Messages
89
Excuse my ignorance with some of this: I've tried to search but I'm not sure what to search for!

When one of our servers returns a non-200 status, the content is not coming along with it.
For example, if a user tries to log in to Roundcube with incorrect password, it will redirect to a static "unauthorized" (401) page. On another server, it returns the 401 with the "incorrect login details" data so the Roundcube login page knows what to do with it.
For another example, if a user puts their WP into maintenance mode which makes use of 503 response, it will show a static "server maintenance" (503) page. On another server, it will return the 503 header with the correct maintenance page so that the user knows what's going on.

What am I looking for? Both servers are running nginx_apache. Any help would be appreciated.

Thank you!
 
zEitEr said:
Hello,



Good question, I would address the same to you 🙂 .

I try and guess, you are about to customize default error pages of a webserver. Is it what you are asking about?
Click to expand...
Thanks for the reply!
I don’t think it’s the default error pages (unless they can be disabled?). It’s more that an ErrorDocument is being shown when it shouldn’t be. Does that make sense?
 
I'm still trying to understand what you need. Kindly elaborate. Do you want to customize error pages? Do you want to disable custom error pages? Or what?
 
I'm sorry- I'm obviously not explaining myself properly.

I'll explain with a couple of screenshots, using roundcube as an example. If a user type incorrect credentials into a roundcube login, I have seen 2 different responses.

1) User enters incorrect details: "Login failed." appears in the bottom right corner, and the user is able to try again
1744196583549.png

2) User enters incorrect details: User is redirected to an "Unauthorized" page. To try again, they must go back to the login page and try again.
1744196687592.png


My understanding is that the first option is the proper option, with the header of 401 being sent but still being handled in a nice way.

Perhaps I'm way-off here, and that's not correct. Thanks in advance!
 
Hello,

In the first example you can see an usage of JavaScript for authentication. Here can you find more details: https://www.freecodecamp.org/news/javascript-post-request-how-to-send-an-http-post-request-in-js/

shadowq said:
My understanding is that the first option is the proper option, with the header of 401 being sent but still being handled in a nice way.
Click to expand...

Is it still RoundCube in the second example? Is it RoundCube on the same server? And the same user gets it? Or not?
 
You must log in or register to reply here.
Back
Top