What status code should I return for a non AJAX request to an AJAX only URL?

If the URL is requested not using AJAX what开发者_运维问答 status code should be returned? 400?

I think 403 Forbidden ist best.

501 Not Implemented does not fit well, because the resource is implemented, but just not suited for that kind of request.

400 Bad Request ist not a good choice either, because this implies, according to the spec, that "the request could not be understood by the server due to malformed syntax", which is not the case here.

I'm not convinced that you're really helping anyone by policing this value. I'd prefer a philosophy of trying to send back useful data in all cases. However, it's not much of a stretch to imagine similar situations where we do need a policy. For example, suppose we have a service that can return JSON or XML depending upon the mime type, perhaps it is better to return a clear response code if an unexpected mime type is specified.

W3 say

The 4xx codes are intended for cases in which the client seems to have erred, and the 5xx codes for the cases in which the server is aware that the server has erred. It is impossible to distinguish these cases in general, so the difference is only informational.

The body section may contain a document describing the error in human readable form. The document is in MIME format, and may only be in text/plain, text/html or one for the formats specified as acceptable in the request.

And so it seems clear that the response should be a 4xx, it't the client supplying an invalid request. I'd go with 400 BAD REQUEST and make sure that the text returned explains why the request is considered bad.

W3 says for 400: The request had bad syntax or was inherently impossible to be satisfied, and that does indeed seem to be the case.

I'd go 400 Bad Request, since it has the implication not to retry the request.

Failing that, 418 I'm a teapot, just to confuse 'em :)