W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Re: Ticket #294, was: 403 description clarifications

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 25 May 2011 15:44:56 +0200
Message-ID: <4DDD07D8.2060500@gmx.de>
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 2011-05-25 10:07, Julian Reschke wrote:
 > ...

Proposed patch: 
<http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/294/i294.diff>

This makes the definition of 403 read:

8.4.4.  403 Forbidden

    The server understood the request, but refuses to authorize it.
    Providing different user authentication credentials might be
    successful, but any credentials that were provided in the request are
    insufficient.  The request SHOULD NOT be repeated with the same
    credentials.

    If the request method was not HEAD and the server wishes to make
    public why the request has not been fulfilled, it SHOULD describe the
    reason for the refusal in the representation.  If the server does not
    wish to make this information available to the client, the status
    code 404 (Not Found) MAY be used instead.

Feedback appreciated, Julian
Received on Wednesday, 25 May 2011 13:45:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:40 GMT