Re: [fetch] Status code to use in a response indicating rejection of a cross-origin access (#172) from Mark Nottingham on 2015-12-10 (public-webapps-github@w3.org from December 2015)

From: Mark Nottingham <notifications@github.com>
Date: Wed, 09 Dec 2015 22:48:14 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/172/163517328@github.com>

In CORS, the enforcement point is the client. If you're looking for how servers should express insufficient credentials when *they* are the enforcement point, 403 would be the logical choice (unless you want to prompt for a different credential, in which case 401 would do the trick). 

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/172#issuecomment-163517328

Received on Thursday, 10 December 2015 06:48:40 UTC