
Short version: If I decide to reject access to some URI because a client doesn't supply a valid Referer HTTP header, what HTTP status do I respond with?

Long: Suppose I wrote a blog post with very nice photos. I want my visitors to share it with their friends by using a link to this blog post, but I am a little sad if my visitors share it with their friends using a link directly to the image files, bypassing my blog post. Besides persuading in words like “please share with your friends with a link to this blog post”, what is a polite way to indicate, by using a certain HTTP status, that the image files are better accessed with the corresponding HTTP Referer header?

2 Answers


There is no status code officially dedicated to this (very common) situation, and using 400 is wrong (400 means the server does not understand the request, which is not true).

Depending on your persuasions, you can:

  • Reply with a 301 redirecting to your blog page -- this would cause your images to fail to appear on other people's pages, but folks trying to open them explicitly would be redirected to your page
  • Reply with a 301 to a special image showing, for example, a big red X with a text explaining your position
  • Reply with a 403 Unauthorized, which means exactly what you want: I understand what you are asking for, but will not give it to you
  • Reply with something more esoteric like 417 Expectation failed or 418 Don't you be no teapot :-)

Be sure to include the brief explanation in the body of your response -- and a link to your blog...

Mikhail T.
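An added example (not part of the answer above) of the 301 and 403 options it lists, written as a small Python WSGI handler. The host name, the image-to-post mapping and the use of the Accept header to tell a direct visit from an embed are assumptions made for illustration. Since the Referer header is supplied by the client and is often missing, the check steers visitors toward the post rather than controlling access.

```python
from urllib.parse import urlsplit

SITE_HOSTS = {"blog.example"}                          # assumed: hosts serving the blog
IMAGE_TO_POST = {"/img/sunset.jpg": "/posts/sunset"}   # assumed: image -> its post

def referer_allowed(referer):
    """True only if the Referer parses and its host is exactly one of ours."""
    try:
        parts = urlsplit(referer or "")
    except ValueError:                                 # malformed, e.g. "http://["
        return False
    return parts.scheme in ("http", "https") and parts.hostname in SITE_HOSTS

def respond(path, referer, accept=""):
    """Return (status, headers, body) for a request to an image path."""
    vary = [("Vary", "Referer")]          # the answer depends on Referer; tell caches
    if path not in IMAGE_TO_POST:
        return "404 Not Found", vary, b""
    if referer_allowed(referer):
        # Stand-in body; a real handler would stream the file here.
        return "200 OK", vary + [("Content-Type", "image/jpeg")], b"<image bytes>"
    post = "https://blog.example" + IMAGE_TO_POST[path]
    if "text/html" in accept:
        # Heuristic: top-level navigation asks for HTML, <img> embeds do not.
        # no-store keeps the 301 from being replayed when the post itself
        # later requests the same image URL.
        return ("301 Moved Permanently",
                vary + [("Location", post), ("Cache-Control", "no-store")], b"")
    body = ("This image is meant to be viewed in its post: " + post + "\n").encode()
    return "403 Forbidden", vary + [("Content-Type", "text/plain; charset=utf-8")], body

def app(environ, start_response):
    """WSGI entry point wrapping respond()."""
    status, headers, body = respond(environ.get("PATH_INFO", ""),
                                    environ.get("HTTP_REFERER"),
                                    environ.get("HTTP_ACCEPT", ""))
    start_response(status, headers + [("Content-Length", str(len(body)))])
    return [body]

if __name__ == "__main__":
    # Constructed sample requests: (Referer, Accept)
    for ref, acc in [("https://blog.example/posts/sunset", "image/avif,*/*"),
                     (None, "text/html,*/*"),
                     ("https://blog.example.other.test/", "image/avif,*/*")]:
        print(ref, "->", respond("/img/sunset.jpg", ref, acc)[0])
```

The host comparison is exact, so a Referer whose host merely begins with or contains the blog's name is treated as foreign.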

To do this, there is no special HTTP response. Typically, use 400 "Bad Request" or 444 "Connection Closed Without Response".

Slipeer