
I’m A Teapot – HTTP status code 418 - gilad
https://httpstatuses.com/418
======
non-nil
People, please! If encountering a 418, consider adhering to ISO 3103:
[https://en.wikipedia.org/wiki/ISO_3103](https://en.wikipedia.org/wiki/ISO_3103)

~~~
masklinn
> The pot should be white porcelain or glazed earthenware and have a partly
> serrated edge. It should have a lid that fits loosely inside the pot.

> If a large pot is used, it should hold a maximum of 310 ml (±8 ml) and must
> weigh 200 g (±10 g).

 _looks at cast iron teapot_

what?

> Freshly boiling water is poured into the pot to within 4–6 mm of the brim.
> Allow 20 seconds for water to cool.

 _looks at bag of loose-leaf green tea_

the?

> Brewing time is six minutes.

 _looks at green tea again_

fuck?

> 2 grams of tea (measured to ±2% accuracy) per 100 ml boiling water is placed
> into the pot.

 _looks at gaiwan_

This is obviously a colonial document written by limey tea-monsters.

~~~
outadoc
> This standard is not meant to define the proper method for brewing tea
> intended for general consumption, but rather to document a tea brewing
> procedure where meaningful sensory comparisons can be made. An example of
> such a test would be a taste-test to establish which blend of teas to choose
> for a particular brand or basic label in order to maintain a consistent
> tasting brewed drink from harvest to harvest.

~~~
vanderZwan
> _a tea brewing procedure where meaningful sensory comparisons can be made_

As noted elsewhere, there is no way to meaningfully compare teas that require
lower temperatures or longer seeping time with this procedure.

~~~
masklinn
> or longer seeping time with this procedure

Or more generally shorter seeping time, I've never seen a tea which wanted 6mn
seep time, and most somewhat fragile tea want way less (with the possible
exclusion of summing the consecutive infusions of an oolong, I guess you do
get into the 6mn range total at the end of the session).

~~~
vanderZwan
Err, yes, shorter, thank you. I mixed that up.

(I guess there is still the option of cold brewed tea though)

------
csilverman
I had an issue a little while ago where I was trying to get iOS's Shortcuts
app to post to WordPress. I noticed that doing this seemed to crash every one
of my websites within seconds. It was like flicking a switch: I’d run the
Shortcuts workflow and seconds later, all of my sites appeared to be offline.
This lasted for precisely one hour, after which everything came back online.

Didn't take long to figure out that the sites had actually been online the
whole time for everyone else; they were only inaccessible from my local
network. At that point, I contacted my host, and they explained that the
WordPress component of the Shortcuts app was, for some reason, bombarding the
server with a whole lot of requests for files that didn’t exist. The server
thought it was under attack and blocked my whole network. Then it got
interesting: the guy said that the server was throwing 418s.

I thought he might be mistaken at first. I actually recognized 418, since I've
known about the teapot thing for a little while. I asked the guy if it was
really the case that the server was blocking my network because it thought my
phone was making too many demands for coffee it wasn't capable of producing,
and he said that, well, other than the coffee bit, DreamHost really does use
418 for that situation: [https://help.dreamhost.com/hc/en-
us/articles/215947927-How-d...](https://help.dreamhost.com/hc/en-
us/articles/215947927-How-do-I-enable-Extra-Web-Security-for-my-website-)

That is the only time I've encountered 418 in the wild. That decision seems to
be pretty consistent with DreamHost's sense of humor.

(They did, as usual, manage to fix my problem.)

~~~
jrockway
This is kind of unfortunate because if they just returned a correct code (429
Too Many Requests), you could have immediately debugged the problem. (The
standard suggests also including a Retry-After header, which would tell you
when the rate limiting would be lifted so you could try again.)

Basically, there was a machine-readable way to tell you to go away. But
instead they told your user agent that they were unable to brew coffee because
they are a teapot. What a waste of everyone's time.

~~~
csilverman
Agreed, although the iOS Shortcuts app did not even bother to tell me the
server's response; it simply failed, so even if the server had returned a
coherent error message, I think I still would have had to contact support to
find out what it said.

I love Shortcuts—it's a great automation tool with some good ideas—but, as is
the case with many Apple things, it prioritizes minimalism over functionality.
Seems like an odd tradeoff to me, since I think the only people who even know
Shortcuts is on their device are people like me who would vastly prefer full-
featured complexity—and better documentation—to the smooth, almost toy-like
UX.

------
darkhelmet
I added panic("I'm a teapot!"); to the FreeBSD kernel, many many years ago
(sys/kern/kern_thread.c). It was for an impossible, cannot-happen scenario.

Much to my astonishment/amusement, it did.

~~~
ed25519FUUU
> _I added panic( "I'm a teapot!"); to the FreeBSD kernel, many many years ago
> (sys/kern/kern_thread.c). It was for an impossible, cannot-happen scenario._

I know it’s in jest but I absolutely hate to encounter this kind of thing in
the wild. It’s a huge anti pattern and tax you put on other people who have to
troubleshoot “impossible” scenarios.

~~~
mulmen
I dunno, seems like a very quackable phrase to me. In fact soon it will
probably lead right here!

~~~
markild
Off topic, but first time I've seen "quackable". Hahaha, I like it! I've tried
"duck it" earlier, but it just sounds like I'm stuck with auto correct on.

------
eastdakota
At Cloudflare’s SF office, the conference rooms are all numbered after HTTP
status codes. Our Board Room is 404. The coffee shop (Cafe Lambretta) in our
building, at the corner of 2nd & Townsend, is bookable in our calendar system
as Room 418.

~~~
9nGQluzmnq3M
There's a FAANG office which also uses 4xx status codes, but as you would
expect, 404 is missing, and 403 is permanently locked (spoiler: it's a door
mounted on a wall with nothing behind it). 418, on the other hand, is
decorated with whimsical teapots.

~~~
shawabawa3
and 401 has a bouncer outside that doesn't let anybody in?

~~~
spurgu
Or it just requires a code to enter.

------
snicky
We return 418 on our site in case an admin tries to access the admin panel
without a required VPN. It actually clicked pretty fast with everybody on the
team, especially those less tech-savvy. They know the "teapot issue" means
they forgot to turn on the VPN. It's less confusing than 401/403 :)

~~~
spockz
Why not return instead/in addition reply with an actionable message in the
body?

~~~
snicky
The misinformation that 418 brings may be quite helpful if an unauthorized
person temporarily gets in hold of your device and tries to access that admin
panel.

~~~
spockz
How is that? Enabling VPN should require some knowledge still, so why would it
help if an unauthorised person accessed your device?

~~~
snicky
Some setups are dead simple and require just 1 or 2 clicks to enable a VPN
that was registered before, e.g. Tunnelblick on MacOS. The potential hacker
who was explicitly told he has to enable a VPN may look for such an app on the
compromised computer.

------
pwdisswordfish4
418 is actually unassigned.

[https://www.iana.org/assignments/http-status-codes/http-
stat...](https://www.iana.org/assignments/http-status-codes/http-status-
codes.xhtml)

This code has never been officially registered, especially not by that April
Fools’ RFC. A number of HTTP implementations added it to their lists of codes
anyway; there was a concern that it might create a conflict with if an actual
meaning is assigned by the HTTP specification. One of the authors of the
specification went around asking libraries to remove the code for this reason.
Web developers, like the mature people they are, bullied him into abandoning
it.

By the way, if one actually wanted to control coffee pots over HTTP, 400 Bad
Request would have been entirely sufficient for this situation. This code has
been superfluous from the start. Ironically, it became the very thing it was
meant to satirise.

~~~
chrismorgan
> _400 Bad Request would have been entirely sufficient for this situation._

The whole idea of status codes is that if you encounter one you don’t know
about, you can treat it as a member of that family, so any unknown 4xx will be
treated the same as a 400. Most of the 400 series is about clarifying what was
wrong with the request. 400 just says _something_ ’s wrong about the request,
but not _what_. 405 says it’s the method. 406 says it can’t satisfy the
provided Accept header. 411 says it wants a Content-Length header. 418 says
it’s that you tried to brew coffee in a teapot.

~~~
Erlich_Bachman
> 418 says it’s that you tried to brew coffee in a teapot.

That you tried to do something so absurdly inappropriate that there isn't even
a proper technical way to explain why it was wrong and why it could not work?
Like, the server could not even begin to understand what you tried to
accomplish with that request.

~~~
msla
> That you tried to do something so absurdly inappropriate that there isn't
> even a proper technical way to explain why it was wrong and why it could not
> work? Like, the server could not even begin to understand what you tried to
> accomplish with that request.

The "Blank Stare" response code. Or maybe the "Stunned Stare And Slowly
Backing Away" response code.

Something at the other end:

[https://en.wikipedia.org/wiki/List_of_HTTP_status_codes](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes)

> 420 Enhance Your Calm (Twitter)

>> Returned by version 1 of the Twitter Search and Trends API when the client
is being rate limited; versions 1.1 and later use the 429 Too Many Requests
response code instead.[74] The phrase "Enhance your calm" comes from the 1993
movie Demolition Man, and its association with this number is likely a
reference to cannabis.

Visually:

[https://http.cat/420](https://http.cat/420)

~~~
a1369209993
Arguably that should be a 5xx response though; there's nothing wrong with the
requests, the server just doesn't want to (doesn't have enough resources to)
handle them as quickly as they're being issued.

~~~
another-dave
I guess breaking the rate limit is a user error — e.g. sometimes if you
continue with could get your access revoked.

I read 50x as "something not your fault" went wrong.

~~~
masklinn
Yup. 500 errors are "the server is broken" (aka the server _fails_ to fulfil
the request), 400 errors are "the client did something it should not",
including every case of "the client did something the server took issue with
for whatever reason".

In fact RFC 6585 added "429 Too Many Requests" specifically for rate-limiting
scenarios.

413 (payload too large), 414 (URI too long) or 431 (header fields too large)
are likewise things which may technically be valid according to the HTTP spec
in general, but which the server _rejects_.

------
andrewflnr
Also recommended: [https://http.cat/](https://http.cat/), particularly
[https://http.cat/418](https://http.cat/418)

~~~
hnzix
Or if you're more of a Dog person:
[https://httpstatusdogs.com/](https://httpstatusdogs.com/)

~~~
roboyoshi
And if you're more of a Rap person:
[http://httpstatusrappers.com/](http://httpstatusrappers.com/)

with my favorite:
[http://httpstatusrappers.com/200.html](http://httpstatusrappers.com/200.html)

------
chrismorgan
Some further relevant history:

There’s an official registry of status codes:
[https://www.iana.org/assignments/http-status-codes/http-
stat...](https://www.iana.org/assignments/http-status-codes/http-status-
codes.xhtml).

HTTP libraries normally use this as their canonical source of status codes
that they should have constants (or whatever) defined for.

But _418 I 'm a teapot_ is not in that registry. It’s not clear to me why it
wasn’t put in when the registry was established, but it seems most likely that
someone made an executive judgement against pointless fun.

To my knowledge, it’s the only status code from an RFC that has not made it
into the registry. So many HTTP libraries, perhaps most, have this one
exception, an extra status code not from the registry.

In 2017, the httpbis working group chairman Mark Nottingham (mnot) sought to
get 418 removed from libraries everywhere (since it wasn’t registered and
wasn’t serious); this met with popular resistance (people like their fun) and
so he changed direction and sought to have 418 registered properly instead,
with [https://datatracker.ietf.org/doc/draft-nottingham-thanks-
lar...](https://datatracker.ietf.org/doc/draft-nottingham-thanks-larry/). But
that draft was allowed to expire and I’m not sure why.

~~~
pwdisswordfish4
The draft was simply integrated into a larger-scope document, still actively
maintained (last draft published 12th of July):

[https://www.ietf.org/id/draft-ietf-httpbis-
semantics-10.html...](https://www.ietf.org/id/draft-ietf-httpbis-
semantics-10.html#name-418-unused)

Note the description doesn’t say ‘I’m A Teapot’.

~~~
chrismorgan
Ah, good to know; thanks. I’m disappointed they’re aiming for unused rather
than a regular entry, but it’s definitely better than unregistered.

------
CobrastanJorji
If you encounter problems with HTTP 418, you should consider implementing RFC
7168 - The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances
(HTCPCP-TEA).
[https://tools.ietf.org/html/rfc7168](https://tools.ietf.org/html/rfc7168)

~~~
xbar
It's true. I should...

------
matmann2001
My school had a class called CS 418 Computer Graphics. One of the final
projects was to render a scene reflected off the surface of a teapot STL. I
often pondered on the coincidence.

~~~
mike_d
The Utah Teapot is the Hello World of 3D rendering, and a teapot model is
included somewhere in almost every 3D rendering application.

I learned about it when I received a copy of BRL-CAD from the Army Research
Lab in the mid-90s and it had a teapot, which I thought was quite odd for an
application designed for ballistic research.

[https://en.wikipedia.org/wiki/Utah_teapot](https://en.wikipedia.org/wiki/Utah_teapot)

~~~
msla
The British wouldn't think it odd to mix ballistics with tea:

[https://en.wikipedia.org/wiki/Boiling_vessel](https://en.wikipedia.org/wiki/Boiling_vessel)

> A boiling vessel is a water heating system fitted to British armoured
> fighting vehicles that permits the crew to heat water and cook food by
> drawing power from the vehicle electrical supply.[1] It is often referred to
> by crewmembers (not entirely in jest) as the most important piece of
> equipment in a British armoured vehicle

------
opportune
I guess the 2020 version of this status code would be "Sir, this is a Wendy's"

~~~
lvturner
I don't get it

------
ggghhhfff
Useful for when you get requests to brew coffee on your smart teapot

------
konart
I had a project were in case of a 400 errors 418 error would be used.

~~~
palsecam
Me too, kind of.

I have nginx reply with a 418 page to _bad bots_ requests. Funny easter egg.
As a bonus, that makes nginx avoid checking the filesystem for inexistent
files, and makes filtering logs easier.

Nginx config snippet:

    
    
      # Nothing to hack around here, I’m just a teapot:
      location ~* \.(?:php|aspx?|jsp|dll|sql|bak)$ { 
          return 418; 
      }
      error_page 418 /418.html;
    

Example: [https://FreeSolitaire.win/wp-
login.php](https://FreeSolitaire.win/wp-login.php)

~~~
OldHand2018
Nice. I used to use that for all php requests to my websites (like you, I do
not have php installed on my servers). Now I just use the nginx 444, which
immediately drops the connection.

I wonder if it actually saves much time. Probably not.

------
ishcheklein
"HTCPCP was an April 1 joke by Larry to illustrate how people were abusing
HTTP in various ways. Ironically, it's not being used to abuse HTTP itself --
people are implementing parts of HTCPCP in their HTTP stacks." \-
[https://tools.ietf.org/html/rfc2324](https://tools.ietf.org/html/rfc2324)

------
outworlder
I had a coworker who found about 418, found this hilarious and started
returning this in case of error.

It made for an interesting troubleshooting session, because at the time, not
all browsers would display a meaningful result. Some would return a blank
screen - which is easy to find. But not as easy when it was a single call
among many others in the page...

------
G4BB3R
Some time ago after realising how GraphQL (don't) use http code, I decided
that I wouldn't use http code for business logic like everybody does, but let
that responsibility only to the webserver (not auth 401, not found 404,
exception 500, and few others). Is that absurd? Should I reconsider going
back?

~~~
bmn__
It's not absurd. If you have tuits to spare, strive to be in compliance with
the standards to your best ability. Do not just relegate error handling to
code you will not touch.

For example, status 422 is used for syntactically correct, but semantically
invalid request bodies. Augment your graphql library or application code where
appropriate.

That way, you reap the benefits of interoperability. Being in compliance makes
you a good Internet citizen in the eyes of your peers.

------
dade_
418 - The status code for a passionate debate! It’s a joke, it’s wrong, it’s
funny, it’s right. And finally, oh dear, we need to have a chat about how you
prepare your tea. Discussions on the famous 200, 404 and 500 are usually only
lukewarm, though 488 stories can get racy.

------
walrus01
I'm sure you can run Apache or nginx on the pi zero w on this and communicate
with a walking robotic teapot.

[https://www.raspberrypi.org/blog/robotic-
teapot/](https://www.raspberrypi.org/blog/robotic-teapot/)

~~~
nickt
The original teapot server was an Acorn Archimedes, so this is a nice legacy.

Edit: I misremembered, it was a coffee pot. Bloody barbarians!

From RFC 2324, “ [CBIO] "The Trojan Room Coffee Pot, a (non-technical)
biography", Q. Stafford-Fraser, University of Cambridge Computer Lab,
<[http://www.cl.cam.ac.uk/coffee/qsf/coffee.html>](http://www.cl.cam.ac.uk/coffee/qsf/coffee.html>)

------
kristopher
Obligatory Google Teapot:

[https://www.google.com/teapot](https://www.google.com/teapot)

------
cik
For Zarquon's sake, the least they could have done is listened to him about
tea
[https://hitchhikers.fandom.com/wiki/Tea](https://hitchhikers.fandom.com/wiki/Tea).

------
nineteen999
As more of a graphics guy than a HTTP guy, I immediately though of the Utah
Teapot.

[https://en.wikipedia.org/wiki/Utah_teapot](https://en.wikipedia.org/wiki/Utah_teapot)

------
achillean
A bit more than 5000 web servers return HTTP 418 :)

[https://beta.shodan.io/search?query=http.status%3A418](https://beta.shodan.io/search?query=http.status%3A418)

------
mlang23
This reminds me of Hurds EIEIO

[https://www.gnu.org/software/hurd/faq/eieio.html](https://www.gnu.org/software/hurd/faq/eieio.html)

~~~
aidenn0
One of POWER's ordering primitives is enable in-order execution of
input/output, or eieio.

------
pacamara619
718 - I am not a teapot

[https://github.com/joho/7XX-rfc/pull/180](https://github.com/joho/7XX-
rfc/pull/180)

~~~
perl4ever
718 - I'm a Porsche

------
mvip
[https://github.com/vpetersson/im-a-teapot](https://github.com/vpetersson/im-
a-teapot)

------
fdisotto
We use it in our product [https://punterz.club/](https://punterz.club/) just
for fun :)

~~~
konjin
The longest thread at a hacker space I frequented was fighting over adding a
418 status to the mainline iot kettle stack.

The argument went that a kettle is not a tea pot since before adding a tea bag
you can use the hot water for anything, including instant coffee. Someone
added a tea bag dunker to the kettle. People started complaining about taking
away choice by forcing everyone to use the kettle as a tea pot, so I added a
empty tea bag as one of the selections. The argument then went that since it
can load empty tea bags it is not a permanent tea pot even though it is mostly
a tea pot so it shouldn't include 418 as per RFC 7168.

The last I'd heard of it, they had added peristaltic pumps that can be
accessed individually, so if you sent an HTCPCP request to the tea designated
pump for coffee it would return 418, but if you sent it to the beverage server
it would route your order to the correct pump.

------
brailsafe
More work was put in for this joke than I've literally put into any
development related thing all summer. I like it.

------
remux
On my licence plate I have the number 418 :D

------
ed25519FUUU
Please if you’re reading this, don’t add this status code and don’t suffer
anyone to add this to your code either. It’s not funny, and it’s not clever.
Please don’t do it. Find another way to be clever and funny.

~~~
brazzy
Who exactly put you in charge of deciding what's funny?

