HTTPS Methods and Status Codes

Here’s a curated list of HTTPS methods and status codes for quick reference by web devs:

METHODS:

• ‘ACL’,
• ‘BIND’,
• ‘CHECKOUT’,
• ‘CONNECT’,
• ‘COPY’,
• ‘DELETE’,
• ‘GET’,
• ‘HEAD’,
• ‘LINK’,
• ‘LOCK’,
• ‘M-SEARCH’,
• ‘MERGE’,
• ‘MKACTIVITY’,
• ‘MKCALENDAR’,
• ‘MKCOL’,
• ‘MOVE’,
• ‘NOTIFY’,
• ‘OPTIONS’,
• ‘PATCH’,
• ‘POST’,
• ‘PRI’,
• ‘PROPFIND’,
• ‘PROPPATCH’,
• ‘PURGE’,
• ‘PUT’,
• ‘REBIND’,
• ‘REPORT’,
• ‘SEARCH’,
• ‘SOURCE’,
• ‘SUBSCRIBE’,
• ‘TRACE’,
• ‘UNBIND’,
• ‘UNLINK’,
• ‘UNLOCK’,
• ‘UNSUBSCRIBE’

STATUS_CODES:

• ‘100’: ‘Continue’,
• ‘101’: ‘Switching Protocols’,
• ‘102’: ‘Processing’,
• ‘103’: ‘Early Hints’,
• ‘200’: ‘OK’,
• ‘201’: ‘Created’,
• ‘202’: ‘Accepted’,
• ‘203’: ‘Non-Authoritative Information’,
• ‘204’: ‘No Content’,
• ‘205’: ‘Reset Content’,
• ‘206’: ‘Partial Content’,
• ‘207’: ‘Multi-Status’,
• ‘208’: ‘Already Reported’,
• ‘226’: ‘IM Used’,
• ‘300’: ‘Multiple Choices’,
• ‘301’: ‘Moved Permanently’,
• ‘302’: ‘Found’,
• ‘303’: ‘See Other’,
• ‘304’: ‘Not Modified’,
• ‘305’: ‘Use Proxy’,
• ‘307’: ‘Temporary Redirect’,
• ‘308’: ‘Permanent Redirect’,
• ‘400’: ‘Bad Request’,
• ‘401’: ‘Unauthorized’,
• ‘402’: ‘Payment Required’,
• ‘403’: ‘Forbidden’,
• ‘404’: ‘Not Found’,
• ‘405’: ‘Method Not Allowed’,
• ‘406’: ‘Not Acceptable’,
• ‘407’: ‘Proxy Authentication Required’,
• ‘408’: ‘Request Timeout’,
• ‘409’: ‘Conflict’,
• ‘410’: ‘Gone’,
• ‘411’: ‘Length Required’,
• ‘412’: ‘Precondition Failed’,
• ‘413’: ‘Payload Too Large’,
• ‘414’: ‘URI Too Long’,
• ‘415’: ‘Unsupported Media Type’,
• ‘416’: ‘Range Not Satisfiable’,
• ‘417’: ‘Expectation Failed’,
• ‘418’: “I’m a Teapot”,
• ‘421’: ‘Misdirected Request’,
• ‘422’: ‘Unprocessable Entity’,
• ‘423’: ‘Locked’,
• ‘424’: ‘Failed Dependency’,
• ‘425’: ‘Too Early’,
• ‘426’: ‘Upgrade Required’,
• ‘428’: ‘Precondition Required’,
• ‘429’: ‘Too Many Requests’,
• ‘431’: ‘Request Header Fields Too Large’,
• ‘451’: ‘Unavailable For Legal Reasons’,
• ‘500’: ‘Internal Server Error’,
• ‘501’: ‘Not Implemented’,
• ‘502’: ‘Bad Gateway’,
• ‘503’: ‘Service Unavailable’,
• ‘504’: ‘Gateway Timeout’,
• ‘505’: ‘HTTP Version Not Supported’,
• ‘506’: ‘Variant Also Negotiates’,
• ‘507’: ‘Insufficient Storage’,
• ‘508’: ‘Loop Detected’,
• ‘509’: ‘Bandwidth Limit Exceeded’,
• ‘510’: ‘Not Extended’,
• ‘511’: ‘Network Authentication Required’

Working around untrusted certificate errors in Express JS

A few very common fatal errors thrown by the request module for express while trying to access data from self-signed web servers are Error: DEPTH_ZERO_SELF_SIGNED_CERT and UNABLE_TO_VERIFY_LEAF_SIGNATURE

This is because of https://github.com/nodejs/node-v0.x-archive/pull/4023 which mandates NodeJS to validate a server’s certificate by default, which needless to say is how things should be in a production environment.

However, more often than none we tend to use self-signed SSL certificates in our development environments or even within internal networks.

Thankfully for such brain-wracking moments, two particular flags come to our rescue. Enter strictSSL and rejectUnauthorized. The way I personally like to use these flags, is to set defaults within my development environments as follows to bypass SSL validation hence, saving the day! 🙂

var request = require('request').defaults({
    strictSSL: false,
    rejectUnauthorized: false
 });

Please do note, that I do not recommend that you ever try this on your production systems without understanding the true implications of what disabling strictSSL and rejectUnauthorized means for you node server. By disabling these, you are essentially telling your server to skip validation of the requested server’s identity, which leaves your application in quite a vulnerable position.