46 comments

[ 3.7 ms ] story [ 108 ms ] thread
Neat! I wrote a similar project for Drupal once - https://www.drupal.org/project/generate_errors - I found it to be a good way to learn about HTTP status codes and their meanings. Currently, you've got a finite list of HTTP status codes and don't have definitions. You may want to consider grouping them and including labels. Or don't, I'm just some guy on the internet :-)

Cool project!

I've used https://httpstat.us/ which seems to offer the same features plus configurable delay, although when you hit it 3,000 times a second it doesn't necessarily respond with the code you ask for.
I think the proper term is "status code". Simply using the word "status" by itself is ambiguous and misleading. So any new entrants to this space could choose from a lot of domain suffixes: status.codes, statusco.de, statuscode.info, etc...
I built something similar about a year ago experimenting with AWS's API Gateway. https://mock.codes/ The landing page is an S3 file, and everything is just API Gateway configs.

There used to be a similar service hosted on the same domain that eventually went dead. I bought the domain and brought up this service again. It barely gets used (haven't checked usage in a while) but I've already paid for the domain and it costs me pennies to keep it up and running.

Does not support IoT kettles. Fatal flaw.

(Response code 418.)

No CORS support. That seems silly.
Arbitrary status codes from your webserver is extremely useful for testing your nginx or other reverse-proxy configuration. If your webserver is returning 500s, does nginx retry in an infinite loop? Not good!

Better: if a query causes your webserver to crash, does nginx crash ALL of them while retrying that bad query? :-)

    require("express")().get("/:status", (req, res) => res.status(req.params.status).end()).listen(80)
gotta add a NaN check in there or it'll hang

        require("express")().get("/:status", (req, res) => res.status(+req.params.status || 400).end()).listen(80)
You just broke my HTTP status 0.
> status.icu will return whatever https status code you want! Use a GET request to any status.icu path to guarantee an HTTP status code.

    $ curl -I https://status.icu/418/
    HTTP/1.1 500 Internal Server Error 
The Nginx configuration responsible for the service[1] just hardcodes a handful of common HTTP status codes. A Go version that supports any status code takes fewer lines than status.icu's nginx.conf, even after gofmt.[2] Not that I think anyone should be relying on a third-party service for "writing browser integration tests" OR "mocking API responses".

[1] https://gist.github.com/geetotes/0ddc96f95eecab4e8aa8dd53bcc...

[2] https://gist.github.com/wwalexander/febbc1ba76c8eafa9f94f5cb...

It’s a bit disingenuous to call it that. 140 characters on one line that most people would format very differently.
furthermore I have never used Go or Ruby, but I could easily read and understand the Go code, I have zero idea what the Runy code is doing, or why they do this [-3, 3] seemingly multi dimensional negative array access
I'd say this comment is a tad unfair.

Most "one liners" fall under the category "most people would format very differently"

And this one at only 140 chars (a classic tweet)

two lines and a big dependency...
why on earth would I want this instead of a local service if I absolutely need (which I don't with clean architecture and clean code)
There is an XSS vuln on the website. Try entering something like '<b>test</b>' or '<script>alert('test');</script>" into the text box.
This might matter if the site had any state or data to protect, but it doesn’t.
This might matter if the author is so careless, should I worry about other hidden vulnerabilities in this utility site overall.
That just makes the service more flexible.
That explains why it is blocked on my enterprise network.
But how would it know there's an XSS vuln?
Yes of course, and your enterprise network have a password strength checker on post requests too I guess? meh.
That's the same 'attack' you could make on https://jsfiddle.net

What I am getting at is that you can't form a url that will do this, you need to interact with the page to trigger it.

I wonder what is the incentive to keep it up and running
Doing something nice for other developers, I guess.

Unless you mean "what guarantees do I have that if I integrate this in my workflow it won't be gone tomorrow?". In which case, I agree.

Since it's a static website, with a little effort you can have it cost virtually nothing (less than the domain, probably). S3 and Route53 can go a long way.
Pretty useful. Was writing a script yesterday to log website availability including the HTTP status of the site.

This will be useful to make sure my script works correctly!

For developers who never heard of httpbin.org