What status can I return in an attempt to submit a form without a TOKEN?

5

I'd like to know what status http I should return in my application if someone is trying to forge a request via form.

The application I developed is done in Laravel 4 and I'm using that CSRF_TOKEN .

The CSRF_TOKEN is intended to be able to preface attacks from Cross-Site Request Forgery .

Would it be correct to use some of the methods such as 400 - Bad Request , 503 - internal server error , or 403 - unauthorized access , if there is a forged request attempt? Or simply, should I not return any% w / o% or error?

    
asked by anonymous 13.02.2015 / 14:02

1 answer

7

Based on the HTTP status code list and its descriptions I recommend.

400 - Bad request

  

400 Invalid Request (Bad Request)   The request can not be delivered due to incorrect syntax.

The fact that a TOKEN parameter is missing, this message best describes the error that occurred during the request

Why not 403 Proibido (unauthorized access) ?

  

403 Forbidden (unauthorized access)
  The request was a legal request, but the server is refusing to respond to it.   Unlike a 401 - Não autorizado(Unauthorized) , authentication will not make any difference.

In case it is not an access denied to a request or directory but the lack of a parameter in the request, in this way the lack of privileges does not best portray the failure of the request.

Why not 503 - internal server error ?

  

503 Service Unavailable
  The server is down or unable to handle resource processing due to system overhead. This should be a temporary condition.

In fact, your server does not present any errors, this is not the best answer for an incorrect access to a request.

    
13.02.2015 / 14:41