Returning successful/failed AJAX responses, and HTTP-status codes

Question

Let's say I have a StackOverflow-esque site. I want to post a comment underneath someone's answer. Two things can happen:

1) The comment post is successful. I return the actual formatted DIV as some JSON response, set the JSON.

{
    "Success": true, 
    "Data": "some escaped html to inject"
}

2) The comment post is unsuccessful. I return the error as the JSON response.

{
    "Success": false, 
    "Data": "You can only post every 15 seconds"
}

Is this the correct way to do things? I notice that StackOverflow is returning Apache 500 Internal error codes when a comment post is unsuccessful, which I find fishy.

Isn't a 500 Internal error reserved for things that are actually wrong with the server, not just because some comment validation failed?

Answer 1

I agree that using 500 Internal error is a little strange, but there are a multitude of applicable response codes you can use to meet your needs.

There's a good list here: http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Example:

User isn't logged in, needs to be logged in to comment. Send: 401 Unauthorized

User is logged in, trying to comment on a closed thread. Send 403 Forbidden or 400 Bad Request.

Answer 2

I agree that 500 isn't ideal. It should be a 4xx status because it was a problem with the client. 409 is a possible choice. It's not an exact fit, but it does include "This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request"; they can resolve the conflict by waiting.