What error do we return when parsing an invalid HTTP `Range: ...` header?

Question

I'm working on a project which manually parses the Range: ... field. On an error, it always returns a 416 HTTP error (Range Not Satisfiable).

It seems to me that in most cases, like where the range is not bytes=... or a number is invalid, the HTTP error should instead be 400.

Have you had experience with this specific case before? What are we expected to return?

Answer 1

At the risk of an opinion-like answer: RFC 7233 discusses 416 in the context of being unable to satisfy a range request, with the strong implication that the request is syntactically correct.

The 416 (Range Not Satisfiable) status code indicates that none of the ranges in the request's Range header field (Section 3.1) overlap the current extent of the selected resource or that the set of ranges requested has been rejected due to invalid ranges or an excessive request of small or overlapping ranges.

https://www.rfc-editor.org/rfc/rfc7233#page-15

Errors in request syntax or otherwise malformed still correspond to a general 400 Bad Request.

The 400 (Bad Request) status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

https://www.rfc-editor.org/rfc/rfc7231#page-58

So, if the request doesn’t specify valid bytes ranges (currently the only registered range type) I’d return a 400.