Why does a return with status code 200 return before a 204?

Asked

Viewed 3,663 times

18

I have noticed that every answer from Success (200) there is also an answer No Content (204).

I was curious and went to search in MDN on status 200, the only thing that says that the success results of a PUT and a DELETE must return a 204. I’ve been making a requisition GET and after that I have a request with the verb OPTIONS returning a status 204.

inserir a descrição da imagem aqui

Because a return with status code 200 also returns a 204 with the verb OPTIONS?

  • "[...] For example, a 204 status code is commonly used with document editing interfaces corresponding to a "save" action, so the document being saved remains available to the user for editing. " - https://httpstatuses.com/204

1 answer

24


The return 204 is pure convention, the code means a successful response with no content (body).

The requisition OPTIONS itself is a "special" request made by the browser when you request resources from another domain (cross-Domain). Serves to check if you are able to make this request to another domain.

She sends the headers Access-Control-Request-Method, Access-Control-Request-Headers and Origin.

If the server accepts the request, the browser will receive a response containing the headers (prefixed with Access-Control-*) defining what is available for a particular endpoint.

The name of it is preflight request.

You can see more details on MDN.

In your example, a request with the header Access-Control-Request-Headers defined as Authorization and Access-Control-Request-Method defined as GET.

The server responded by saying that it is all right (204) and that you can send the header Authorization that it will be accepted and interpreted, moreover, there is the header Access-Control-Allow-Origin that defines this endpoint can be called by any source.

  • Excellent answer if you don’t have the CORS configured what is returned?

  • @Marconi depends on implementation. Just like everything I say in the answer also depends. The convention says what to do, it’s no rule. However, most likely (I can’t confirm now) the return will be a code 500 with some header identifying that it is a request that violates the cross-Omain policy.

  • I find it interesting to have in the answer, so it would be more complete, what do you think?

  • 1

    @Marconi yes, I was trying to edit, but I gave up. By cell phone is horrible. When I have access to a better device I edit.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.