Ghost: Inconsistent response codes for "resource created" responses
We have some inconsistency with the response codes returned for "resource created" responses. Some are returning 201 Created whereas others are returning 200 OK.
From my recent experience:
POST /posts/returns201POST /webhooks/returns201POST /subscribers/returns200POST /invites/returns200
The response code is determined by the presence of a Location header, with the Location header being added on an ad-hoc basis which could be simplified as it's mostly duplication. Simplifying the logic of adding the header so that the default behaviour is applied for all non-special POST requests would also have effect of automating a 201 for any future resources.
After a little investigation it's been determined that the Location header is not used by Ghost-Admin, it was added for the original Backbone implementation of the admin area. If it's not used anywhere else we could probably remove all of the logic around the Location header and simply return 201 for all successful POST requests.
kevinansfield
All 10 comments
The only endpoint that I think would need a special case is /authentication/. There are quite a few POST routes there, and they don't all result in creation. e.g. POST /authentication/revoke/ but I assume they are POST requests to conform to oauth standards.
ErisDS
on 12 Dec 2017
Hey, I'm planning on fixing this issue and wish to get assigned to it.
hbogaeus
on 12 Feb 2018
@hbogaeus adding your name here is enough 馃槃 Thanks for taking a look! If you run into any issues or need any help please check out the #contributing channel on our Slack team
kevinansfield
on 12 Feb 2018
@kevinansfield Excellent, thanks!
hbogaeus
on 12 Feb 2018
Hey @kevinansfield how should PUT requests be handled? Most (all?) of them result in creation (or the updating of a resource) and should thus respond with a 201?
hbogaeus
on 14 Feb 2018
@hbogaeus 200
kirrg001
on 15 Feb 2018
After a little investigation it's been determined that the Location header is not used by Ghost-Admin, it was added for the original Backbone implementation of the admin area. If it's not used anywhere else we could probably remove all of the logic around the Location header and simply return 201 for all successful POST requests.
From https://tools.ietf.org/html/rfc7231#section-6.3.2
The primary resource created by the request is identified
by either a Location header field in the response or, if no Location
field is received, by the effective request URI.
That means to me, if we don't return the Location header, the request url identifies the created resource. So e.g. if you create a post, you trigger. POST /posts. This route does not identify the created resource. GET /posts is paginated and returns a bunch of posts (maybe not the created post).
I would like to keep the Location header for now and only concentrate on the correct status codes. Or let me know, if i am misunderstanding the RFC spec 馃憤
kirrg001
on 27 Feb 2018
We will ensure resource creation is consistent in API v2, but not for v0.1.
We can also get rid of the location header in v2. If we want to add something similar in the future, we can do of course.
After a little investigation it's been determined that the Location header is not used by Ghost-Admin, it was added for the original Backbone implementation of the admin area. If it's not used anywhere else we could probably remove all of the logic around the Location header and simply return 201 for all successful POST requests.
kirrg001
on 20 Sep 2018
I would advocate strongly for _not_ returning a post URL in the location header in v2. If we keep it, the location should be for the Content API resource URI, rather than the "front-end" location.
ErisDS
on 20 Sep 2018
Closing this issue. API version V2 does not return the location header and it returns consistent status codes for adding + destroying resources.
kirrg001
on 18 Oct 2018
Related issues
fueko
路
3Comments
hjzheng
路
4Comments
RadoslavGatev
路
3Comments
krokofant
路
3Comments
albizures
路
3Comments