fix: use 400 Bad Request for expired passcode instead of 408 #2402
Closed
jaffarkeikei wants to merge 1 commit into teamhanko:main from
Resolves teamhanko#2398

## Summary

Changed HTTP status code from 408 (Request Timeout) to 400 (Bad Request) when a passcode has expired. This better aligns with HTTP semantics and the actual error condition.

## Changes

- Changed status code from `http.StatusRequestTimeout` (408) to `http.StatusBadRequest` (400) in passcode.go
- Updated error message from "passcode request timed out" to "passcode has expired" for clarity
- Removed TODO comment as the issue has been resolved

## Rationale

HTTP 408 (Request Timeout) is meant for situations where:

- The client took too long to send the request
- The server timed out waiting for request data
- Network/connection issues caused timeouts

HTTP 400 (Bad Request) is appropriate when:

- Client sends invalid or expired data (like an expired passcode)
- Application-level validation fails
- Business logic determines request is malformed

## Impact

- Prevents HTTP clients from auto-retrying (which they often do for 408s)
- Improves monitoring accuracy (408s typically indicate infrastructure issues, not validation failures)
- Aligns with RFC 7231 HTTP status code semantics
- Better API ergonomics for API consumers

## References

- RFC 7231: https://tools.ietf.org/html/rfc7231#section-6.5.1
Member

Won't do. Old API endpoints are already marked deprecated and slated for removal in the near future. Closing this PR.
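The status mapping discussed in this thread, as an added Go example that is not part of the PR or of Hanko's code base: an expired passcode is rejected with 400 and the message "passcode has expired" before any comparison takes place. The `passcode` type, `finalizeHandler`, `submit`, the `/finalize` path, the 5-minute lifetime, the sample codes and the 401 for a wrong code are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// passcode is a hypothetical stored one-time code, not Hanko's own model.
type passcode struct {
	Code      string
	ExpiresAt time.Time
}

// finalizeHandler maps each failure to a status: expiry is validation (400), never 408.
func finalizeHandler(stored passcode, now func() time.Time) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var body struct{ Code string }
		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
			http.Error(w, "malformed request body", http.StatusBadRequest)
			return
		}
		// Expiry is checked first, so the reply never reveals whether an expired code matched.
		if now().After(stored.ExpiresAt) {
			http.Error(w, "passcode has expired", http.StatusBadRequest)
			return
		}
		if subtle.ConstantTimeCompare([]byte(body.Code), []byte(stored.Code)) != 1 {
			http.Error(w, "passcode invalid", http.StatusUnauthorized) // assumed status
			return
		}
		w.WriteHeader(http.StatusOK)
	}
}

// submit posts code ageMinutes after issuance (constructed data) and returns the status.
func submit(code string, ageMinutes int) int {
	issued := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	now := func() time.Time { return issued.Add(time.Duration(ageMinutes) * time.Minute) }
	req := httptest.NewRequest(http.MethodPost, "/finalize", strings.NewReader(fmt.Sprintf(`{"code":%q}`, code)))
	rec := httptest.NewRecorder()
	finalizeHandler(passcode{"123456", issued.Add(5 * time.Minute)}, now)(rec, req)
	return rec.Code
}

func main() { fmt.Println(submit("123456", 1), submit("123456", 6), submit("000000", 1)) }
```

Injecting the clock as `now` lets a test pin the expiry boundary without sleeping.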
Resolves #2398
Summary
Changed HTTP status code from 408 (Request Timeout) to 400 (Bad Request) for expired passcodes.
Changes
http.StatusRequestTimeout → http.StatusBadRequest
Why?
HTTP 408 is for network/client timeouts, not application validation failures. Using 400 prevents clients from auto-retrying and correctly indicates a client error.
Impact