Hi.

Is there some Dockerfile to build httpstatus as a container image?

It would probably have to be another route, but it'd be cool if we could test a successful OPTIONs response with CORS headers and then get the status code on any non-OPTIONS requests.

Something like: http://httpstat.us/400/cors

For an OPTIONS request would have to echo the values from Origin, Access-Control-Request-Method and Access-Control-Request-Headers if present or use * otherwise. Response status code would always be 200.

For any other request type return the correct status code and * for the CORS headers.

Happy to help out with code if this is something you want to support.

Could we have a feature for multiple reponse codes, e.g. http://httpstat.us/302/307/401, which does a HTTP 302 first, redirecting to httpstat.us/307/401, redirecting to httpstat.us/401?

I'm trying to see how the 102 works using curl:

curl -v "https://httpstat.us/102"

But I only get this response:

> GET /102 HTTP/1.1
> Host: httpstat.us
> User-Agent: curl/7.58.0
> Accept: */*
> 

According to the spec, 102 should actually eventually be followed by a valid status code & response, but nothing's coming.

If I get a completely clean clone of the project, open in Visual Studio 2019, build then run I get:
Process with an Id of 28344 is not running.
Debug output shows:
The program '[28344] iisexpress.exe' has exited with code 0 (0x0).

Any idea why this happens?

Allow choose to return empty body, for example

httpstat.us/200?empty=true

Allow to choose which header location is absent

httpstat.us/200?headerloc=false

Similar this test web
http://test.greenbytes.de/tech/tc/httpredirects/

Would be nice to have a url where we can specify how long we want the response after (Helps to test whether a piece of code times out correctly)

Wonder if thats even possible ?

dotnet --version
3.0.100

Cd src in repo httpstatus

ls
Teapot.sln  Teapot.Web

Build:

dotnet build
Microsoft (R) Build Engine version 16.3.0+0f4c62fea for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

  Nothing to do. None of the projects specified contain packages to restore.
/root/httpstatus/src/Teapot.Web/Teapot.Web.csproj(145,3): error MSB4019: The imported project "/usr/share/dotnet/sdk/3.0.100/Microsoft/VisualStudio/v16.0/WebApplications/Microsoft.WebApplication.targets" was not found. Confirm that the path in the <Import> declaration is correct, and that the file exists on disk.

Build FAILED.

/root/httpstatus/src/Teapot.Web/Teapot.Web.csproj(145,3): error MSB4019: The imported project "/usr/share/dotnet/sdk/3.0.100/Microsoft/VisualStudio/v16.0/WebApplications/Microsoft.WebApplication.targets" was not found. Confirm that the path in the <Import> declaration is correct, and that the file exists on disk.
    0 Warning(s)
    1 Error(s)

Time Elapsed 00:00:00.43

Now that we have 2 public protocols that can respond with 101 (websocket, and h2c) having this would also be keen.

https://tools.ietf.org/html/draft-ietf-httpbis-legally-restricted-status-02

Sometimes, the real world doesn't conform to standards. While developing SimpleBrowser (https://github.com/SimpleBrowserDotNet/SimpleBrowser), one of our users has reported that SimpleBrowser crashes when a web server returns 0 for an HTTP status code. In looking for a way to test and fix that issue, I found httpstat.us. Unfortunately, when I ask httpstat.us to return a 0 status code, the site says "What you've requested doesn't exist...", which not true. It does exist ... in a web server or application that does exist, but does not conform to standards. It is possible that the response was actually an XMLHtmlRequest (https://fetch.spec.whatwg.org/). Earlier versions of this specification did have a 0 response status code (https://www.w3.org/TR/2014/WD-XMLHttpRequest-20140130/#dom-xmlhttprequest-status).

Is there any chance that the application could be modified to allow for a 0 status code?

You're setting Retry-After for error 429 but enabling CORS doesn't add Access-Control-Allow-Headers for Retry-After so I can't read it from within a browser.

Hello, I found your website and thought it would be useful to test some Angular HTTP calls. However, since everything fails CORS, it doesn't work at all.

Would it be possible to add a query string parameter or something to enable CORS for situations such as this?

Testing program

public class SslTest{

	public static void main(String[] args) throws java.io.IOException {
		 new java.net.URL("http://httpstat.us/200").openConnection().getInputStream();
	}
	
}

Output

Exception in thread "main" java.io.IOException: Server returned HTTP response code: 403 for URL: http://httpstat.us/200
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at SslTest.main(SslTest.java:4)

$ ping https://httpstat.us
ping: cannot resolve https://httpstat.us: Unknown host

I want to know if it is possible to override the response body with a custom json object?

Handling response code 100 is often viewed as tricky.
Having that available as well would be keen.

Example: http://httpstat.us/666?m=Evil%20Code

666 666 Evil Code

The 1XX codes do not work. This presumably because of some reverse proxy or middleware you have setup.

100/101 hang forever. Any other codes produce a 502 error.

the 408 should not answer, this way we generate the error on our side.
The lib that i am using should not get a response and raise a 408.

does this make any sense to you ?

This service is a great idea.

But one item that may limit adoption is the lack of (any) detail about what's done with the logs. This service would be much more approachable if you could demonstrate you were /dev/null'ing all logs.

Hello,

Would be great to have an endpoint which will return random statuses.
For example:
/random/200-500
or /random?list=200,400,500
or /succces-or-failure (For ex.: 200 or 500)

https://httpstat.us/200 for example is broken, given Expired: Wednesday, 10 October 2018 at 22:51:56 British Summer Time, which was yesterday.

hello I'm trying to use the 302 but its return 200

The domain is not resolving so the site is offline:

dig A httpstat.us

; <<>> DiG 9.10.6 <<>> A httpstat.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3320
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;httpstat.us.                   IN      A

;; AUTHORITY SECTION:
us.                     899     IN      SOA     a.cctld.us. hostmaster.neustar.biz. 2026253498 900 900 604800 86400

;; Query time: 70 msec
;; SERVER: 10.250.0.254#53(10.250.0.254)
;; WHEN: Mon Feb 03 11:14:10 PST 2020
;; MSG SIZE  rcvd: 106

One of the apps I'm working with uses ElasticSearch, and I was adding better support for HTTP errors, so I decided to use httpstatus for my unit tests. The app automatically appends additional paths to the URL to retrieve data from ElasticSearch, so it was trying to access http://httpstat.us/405/_cat during testing, but the httpstatus service doesn't support random paths on the end of the URL.

I found a workaround in my code to strip the paths, but If this is something that may be handy in the httpstatus site, I can take a shot at a pull request. It's been a few years since I did any serious ASP.NET work, but it would come back pretty quick.

I thought I'd ask -

What are the terms of usage?

Is the server/bandwidth being donated by Microsoft?

Accessing https://httpstat.us/* gives a security warning error

It would be awesome if it were possible to implement this as a wildcard domain with the subdomain returned as the status. For example,
http(s)://404.httpstat.us/ -> 404

Hi! Amazing how useful such a tiny service can be...

Suggestion: It would be even more useful if it could support https :)

Thanks!

Please add response header:

Access-Control-Allow-Origin: *

https://www.ssllabs.com/ssltest/analyze.html?d=httpstat.us

httpstat.us is useful, and I think it would be really useful if it also allowed you to debug SSL issues as well. Perhaps something like invalid-host.httpstat.us or expired.httpstat.us would return an invalid host, or an expired certificate.

If something like this exists elsewhere, I haven't found it.

Thanks for considering!

Could redirects for the following endpoints be updated to use https://httpstat.us instead of http://httpstat.us since TLS is now available?

• 301
• 302
• 303
• 305
• 307
• 308

Current implementation can cause a Mixed Content error in JavaScript applications, and thus have the request blocked.

https://httpstat.us

Valid until | Tue, 30 Jan 2018 01:01:30 UTC (expired 1 day, 6 hours ago)  EXPIRED

$result = file_get_contents("https://httpstat.us/200");
echo $result;

Any reason this is blank? in the browser I get the text "200 OK"
When I use a different URL it returns the data. Is there a required header?

I ran into a rather interesting issue today that I think you can help me with. I have a Flash video player which loads ads from adap.tv. Today adap.tv did something really odd — their tracking URL returns a 302 (Found) code, with a Location header pointing to httpstat.us/503 (why they don’t simply return a 503 header is beyond me, but presumably a limitation of their system) Silly pranksters and their secondary tracking URLs

Unfortunately Flash is not very intelligent about how it handles redirects. A new Loader instance is spun up under the hood for handling the redirect and all events are delegated to the old Loader. As a result I lack the ability to bind listeners to or directly control the Loader after such an event.

In this particular case, Flash was disallowed to read the body of the response since there was no valid crossdomain.xml file. The header returned a Content-Length of 23, however a 0-byte array was returned (since there is not proper permissions for reading the response). When it goes to read 23 bytes from this 0-byte array, it throws an error (“Unexpected End of File”). I’ve done everything I can to try and catch this error myself, however because Flash has a bad habit of secretly spinning up new instances of classes and not giving access to them, I am unable to. For the time being my work-around has been to detect the status code before the error is thrown, increment a global counter, then have a global handler for uncaught errors which checks this counter to see if the crash was expected.

Would it be possible to add a crosdomain.xml file to httpstat.us? It would both allow me to avoid the global error handler nonsense, and it would make your service accessible to ActionScript developers wishing to test how their program responds to different status codes.

I'm getting compilation errors in the global.asax.cs file's Application_BeginRequest function when I try to compile the Teapot solution (I'm trying to rollout an internal version of httpstat.us).

Error 1 The type or namespace name 'EventArgs' could not be found (are you missing a using directive or an assembly reference?) F:\Build\httpstatus-master\src\Teapot.Web\Global.asax.cs 40 64 Teapot.Web

When I comment out that function, the solution builds and it appears to be running OK.

It appears there may be missing namespace declarations at the top. If I add

using System;
using System.Web;

I'm left with one error:

Error 1 'System.Web.HttpResponse' does not contain a definition for 'setHeader' and no extension method 'setHeader' accepting a first argument of type 'System.Web.HttpResponse' could be found (are you missing a using directive or an assembly reference?) F:\Build\httpstatus-master\src\Teapot.Web\Global.asax.cs 47 30 Teapot.Web

I could change the setHeader function call to AddHeader, but I'm afraid that these missing namespaces are because the solution uses a different API than System and System.Web.

using 1XX codes listed here are not responding.

Say I'm writing something that hits a URL-encoded webservice, and I want to test its behavior when the service goes down using httpstatus. The code is written in such a way that it takes a base URL, and appends the arguments to that URL: http://mywebservice.com/foo .

What I would love to be able to do, is pass a base URL of http://httpstat.us/404 to my code. When the code runs, it makes a webservice query, http://httpstat.us/404/foo . This would then ideally return a 404 back to my code so I can see its behavior.

Right now, calling the service this way returns a 302 redirect; if you follow that redirect, you reach an error page, but it reports 200 OK (or curl thinks it does, at least).

EDIT: Slight correction. http://httpstat.us/404/foo gives a 302 redirect to a 200 OK. http://httpstat.us/404/foo/bar gives a direct 404, but so does http://httpstat.us/500/foo/bar .

Hello,

When I do GET against https://httpstat.us/504 I get 200 in response code instead of 504. Is this expected behavior for this endpoint?

> Host: httpstat.us
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< date: Wed, 28 Oct 2020 17:17:12 GMT
< content-length: 0
< set-cookie: __cfduid=d3b7d2cdb8c403f6f2197b1329b38f72c1603905432; expires=Fri, 27-Nov-20 17:17:12 GMT; path=/; domain=.httpstat.us; HttpOnly; SameSite=Lax
< cache-control: private
< x-aspnetmvc-version: 5.1
< access-control-allow-origin: *
< access-control-expose-headers: Link, Content-Range, Location, WWW-Authenticate, Proxy-Authenticate, Retry-After
< x-aspnet-version: 4.0.30319
< request-context: appId=cid-v1:7585021b-2db7-4da6-abff-2cf23005f0a9
< access-control-expose-headers: Request-Context
< x-powered-by: ASP.NET
< set-cookie: ARRAffinity=dd8b28ae218c29eaa50d68d4509c8cd4249ae227da1ec05cd7d334684daefa9f;Path=/;HttpOnly;Domain=httpstat.us
< cf-cache-status: DYNAMIC
< cf-request-id: 0611cfc2070000e20a99220000000001
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sHQRIoya3unPYvDx5caSbCM0ViRJp51HUmCcya0lxbDj1SxzidqhU2%2BMJ646putqT4bDNg17%2BvAIODppLhnlJXCVWiOYnRfBmsqXlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 5e964f166cdfe20a-ORD

I'm getting a 502 error on any requests for status codes 100 - 103.

Looks a lot like an IIS error page. I'm thinking Azure is getting in the middle of things?

When making a request to the URL

https://httpstat.us/200

If a request is made to the server, and the header Accept-Encoding contains br as one of the options, the server returns extra binary content along with the request. This happens only for the 200 response, and only if the Accept-Encoding header is present and asks for br.

I did some examples in Python so that you can see the actual bytes returned:

>>> import requests
>>> requests.get('https://httpstat.us/200', headers={'Accept': "application/json", 'Accept-Encoding': "br"}).content
b'\x83\x10\x80{"code": 200, "description": "OK"}\x03'
>>> requests.get('https://httpstat.us/200', headers={'Accept-Encoding': "br"}).content
b'\x83\x02\x80200 OK\x03'
>>> requests.post('https://httpstat.us/200', headers={'Accept-Encoding': "br"}).content
b'\x83\x02\x80200 OK\x03'
>>> requests.post('https://httpstat.us/200', headers={'Accept-Encoding': "gzip"}).content
b'200 OK'
>>> requests.post('https://httpstat.us/200', headers={'Accept-Encoding': "gzip, deflate"}).content
b'200 OK'
>>> requests.post('https://httpstat.us/200', headers={'Accept-Encoding': "gzip, deflate, br"}).content
b'\x83\x02\x80200 OK\x03'
>>> requests.post('https://httpstat.us/403', headers={'Accept-Encoding': "gzip, deflate, br"}).content
b'403 Forbidden'
>>> 

The results are the same (albeit with ? for the non-ascii byte characters) when using curl:

% curl "https://httpstat.us/200" -H "Accept-Encoding: br, gzip, deflate"
??200 OK%                                               

Obviously Accept-Encoding is not described anywhere as a supported header, so I don't expect it to be supported, but this behavior is a bit strange especially since only the 200 endpoint is affected. No other endpoints appear to display these extra bytes:

% curl "https://httpstat.us/201" -H "Accept-Encoding: br, gzip, deflate"
201 Created%
% curl "https://httpstat.us/302" -H "Accept-Encoding: br, gzip, deflate"
302 Found%
% curl "https://httpstat.us/404" -H "Accept-Encoding: br, gzip, deflate"
404 Not Found%                                        ```

@aaronpowell, we noticed that our requests to httpstat.us have started failing. I believe this change in 4c3b4da may be the culprit?

I have only a cursory knowledge of C#, so I can't say for sure, but I'm wondering if the absence of an Accept header is causing context.HttpContext.Request.AcceptTypes.Contains to throw an exception, maybe AcceptTypes is null?

I'll see about adding an Accept header to our requests, but I wanted to bring this to your attention in case ya'll consider it a regression.

And thank you so much for creating httpstatus!

That’s for the application the coin will bring back value to the financial district and countries we’re going to be judged by financial documents and audits now. People who work for these company’s log on buy coins and put them on their phones or what he’s or chips and they equal how poorly their IRS agency is basically cause China would be out

Sometimes when testing a client it might be useful to have the URL send an error but after a certain amount of requests starting sending OK (for example when testing a retry policy, we might want the url to send an Internal Server Error at first but on the retry send OK).

Could be something like httpstat.us/500&200

First things first: great service - thank you.

https://httpstat.us/ states:

the time in ms, max 5 minutes

In practice, the maximum appears to be 3 mins 50 secs., i.e., 230000 ms.

You can verify this as follows in PowerShell:

(Measure-Command { Invoke-WebRequest https://httpstat.us/200?sleep=270000  2>&1 | Out-Default }).TotalSeconds

My command is curl httpstat.us/200?sleep=120000 (sleep for 2 mins). Sometimes I get back a valid response at 2 minutes. But more often than not, I get back 524 Origin Time-out at 1 minute 40 seconds.

The documentation seems to indicate it supports 230 seconds (3 mins 50 seconds).

every endpoint (including /404, /200, and /) yields 503 (observed between 7:56 and 8:46 am EDT)