Best practices in Gemini servers

[Jason McBrayer]

Sean Conner <sean at conman.org> writes:

>   I'm currently returning a "Bad Request" for this, if the protocol, host
> and port don't match what is currently configured on my server.  The other
> possible status is "Proxy Request Refused".  My server doesn't do proxy
> requests.  What should the proper status code be?  Is "Bad Request" fine
> here?

In my opinion, the Most Correct response to return would be "Proxy
Request Refused". If they had made the same request to a the right
server or if this server had been configured differently, it would have
succeeded, so the request isn't malformed or anything. But Bad Request
is probably the next-best response; Not Found would also make a kind of
sense. 

>   So my question here, does it make sense to have the order be:
>
> 	check request
> 	check authorization
> 	check redirection
> 	check handlers
>
> to prevent possible leaking of data?  I'm thinking yes, but wouldn't mind
> seeing a discussion.
>

I think this is good. I don't know that there's an equivalent best
practices in HTTP; I think this is all pretty implementation-defined. 

-- 
Jason McBrayer      | “Strange is the night where black stars rise,
jmcbray at carcosa.net | and strange moons circle through the skies,
                    | but stranger still is lost Carcosa.”
                    | ― Robert W. Chambers,The King in Yellow