- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 25 May 2011 15:44:56 +0200
- To: "Thomson, Martin" <Martin.Thomson@andrew.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 2011-05-25 10:07, Julian Reschke wrote:
> ...
Proposed patch:
<http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/294/i294.diff>
This makes the definition of 403 read:
8.4.4. 403 Forbidden
The server understood the request, but refuses to authorize it.
Providing different user authentication credentials might be
successful, but any credentials that were provided in the request are
insufficient. The request SHOULD NOT be repeated with the same
credentials.
If the request method was not HEAD and the server wishes to make
public why the request has not been fulfilled, it SHOULD describe the
reason for the refusal in the representation. If the server does not
wish to make this information available to the client, the status
code 404 (Not Found) MAY be used instead.
Feedback appreciated, Julian
Received on Wednesday, 25 May 2011 13:45:32 UTC