400 response isn't generic

[mnot@…]

When people have error states that don't cleanly fit into an existing status code, they're often encouraged to use 400 or 500, depending on whether the client or server were at fault, as they're the most "generic" status codes.

500's definition fits this:

8.5.1. 500 Internal Server Error

The server encountered an unexpected condition which prevented it from fulfilling the request.

However, 400 is much more specific:

8.4.1. 400 Bad Request

The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.

I think the 400 definition needs to be broadened, so that people don't invent their own status codes, or misuse existing ones.

E.g.,

""" The server can or will not process the request, due to a client error (e.g., malformed syntax). """

Also, it currently says:

The client SHOULD NOT repeat the request without modifications.

To make it generically useful, it should say something like:

The client SHOULD NOT repeat the request without modifications, unless the response has a Retry-After header.

[julian.reschke@…]

From [1342]:

400 response isn't generic (see #303)

[mnot@…]

This decision was editorially overridden in -21; please revert to reflect the issue resolution, or bring up why on-list.

[julian.reschke@…]

From [2316]:

make description of status code 400 generic again (see #303)

[fielding@…]

From [2325]:

For 400, note that the error is perceived to be from the client, and supply at least the minimum examples that cover what we require a 400 to be sent in p1; updates [2316] which addresses #303