423 Locked (WebDAV; HTTP Status Code 423)

HTTP status code 423 means “Locked.” This status code was originally defined in the WebDAV (Web Distributed Authoring and Versioning) protocol to handle concurrency issues in distributed file systems. The 423 Locked status code indicates that the requested resource is currently locked and cannot be accessed.

Main Uses

• Prevents multiple users from editing the same resource simultaneously.
• Ensures that a resource is not modified during critical operations.

Use Cases

• Document Management Systems: When one user is editing a document, and another user tries to edit the same document.
• Version Control Systems: When a file is checked out for editing.
• Database Transactions: During long-running transactions.

Application in WebDAV

In WebDAV, the 423 status code is typically used with the LOCK and UNLOCK methods to manage the locking state of resources.

Response Format

When returning a 423 status code, the server should generally provide additional information, such as:

• The reason for the lock.
• The expected unlock time (if known).
• Information about the owner of the locked resource (if applicable).

Client Handling

Upon receiving a 423 response, the client should:

• Notify the user that the resource is currently unavailable.
• Optionally choose to retry later.
• Avoid automatically resending the request, as this may lead to unnecessary server load.

Example Scenario

const fileLocks = new Map();

app.put("/api/files/:id/edit", (req, res) => {
  const fileId = req.params.id;
  const userId = req.user.id; // Assume user authentication is implemented

  if (fileLocks.has(fileId)) {
    const lock = fileLocks.get(fileId);
    if (lock.userId !== userId) {
      return res.status(423).json({
        error: "Locked",
        message: "This file is currently being edited by another user.",
        lockedBy: lock.userId,
        lockedAt: lock.timestamp,
        retryAfter: 300, // Suggest retry after 5 minutes
      });
    }
  }

  // Lock the file for this user
  fileLocks.set(fileId, { userId, timestamp: new Date() });

  // Proceed with file editing...
  res.json({ message: "File locked for editing" });
});

app.put("/api/files/:id/release", (req, res) => {
  const fileId = req.params.id;
  const userId = req.user.id;

  if (fileLocks.has(fileId) && fileLocks.get(fileId).userId === userId) {
    fileLocks.delete(fileId);
    res.json({ message: "File lock released" });
  } else {
    res.status(400).json({
      error: "Bad Request",
      message: "No lock exists for this file and user",
    });
  }
});

Related 4xx error code

• 400 Bad Request
• 401 Unauthorized
• 402 Payment Required
• 403 Forbidden
• 404 Not Found
• 405 Method Not Allowed
• 406 Not Acceptable
• 407 Proxy Authentication Required
• 408 Request Timeout
• 409 Conflict
• 410 Gone
• 411 Length Required
• 412 Precondition Failed
• 413 Payload Too Large
• 414 URI Too Long
• 415 Unsupported Media Type
• 416 Range Not Satisfiable
• 417 Expectation Failed
• 418 I’m a teapot
• 421 Misdirected Request
• 422 Unprocessable Entity (WebDAV)
• 424 Failed Dependency (WebDAV)
• 425 Too Early
• 426 Upgrade Required
• 428 Precondition Required
• 429 Too Many Requests
• 431 Request Header Fields Too Large
• 451 Unavailable For Legal Reasons
• 499 Client Closed Request