Opened 6 years ago

Closed 5 years ago

#294 closed design (fixed)

clarify 403 forbidden

Reported by: julian.reschke@… Owned by: julian.reschke@…
Priority: normal Milestone: 15
Component: p2-semantics Severity: Active WG Document
Keywords: Cc:

Description

People read

"Authorization will not help and the request SHOULD NOT be repeated."

as if authenticating with *different* credentials won't help, and this choose a different status code.

See also

http://lists.w3.org/Archives/Public/ietf-http-wg/2010JulSep/0085.html

and

http://stackoverflow.com/questions/6113014/what-http-code-to-use-in-not-authenticated-and-not-autorized-cases

Martin proposes:

"The server understood the request, but refuses to authorize it. Providing different user authentication credentials might be successful, but any credentials that were provided in the request are insufficient."

which sounds good to me.

Attachments (1)

i294.diff (1.2 KB) - added by julian.reschke@… 6 years ago.
proposed patch

Download all attachments as: .zip

Change History (6)

Changed 6 years ago by julian.reschke@…

proposed patch

comment:2 Changed 6 years ago by julian.reschke@…

From [1301]:

clarify 403 forbidden (see #294)

comment:3 Changed 6 years ago by julian.reschke@…

  • Milestone changed from unassigned to 15
  • Resolution set to incorporated
  • Status changed from new to closed

comment:4 Changed 5 years ago by mnot@…

  • Resolution incorporated deleted
  • Status changed from closed to reopened

comment:5 Changed 5 years ago by mnot@…

  • Resolution set to fixed
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.