Re: Status code for censorship? from Yi, EungJun on 2012-06-11 (ietf-http-wg@w3.org from April to June 2012)

From: Yi, EungJun <semtlenori@gmail.com>
Date: Mon, 11 Jun 2012 21:18:59 +0900
To: Mark Nottingham <mnot@mnot.net>
Cc: James M Snell <jasnell@gmail.com>, Tim Bray <tbray@textuality.com>, ietf-http-wg@w3.org
Message-ID: <CAFT+Tg_qBwJmuetKP_1CEvWyyuFP_6-sDdiQPAtsW1kuEY2xsA@mail.gmail.com>

>
> P.S. The interesting part, for me, is that this is a perfectly valid use of 403, according to our specs:
>
> "The server understood the request, but refuses to authorize it."
>
> Note "server", not "origin server" -- which in both 2616 and bis means *any* server in the chain can send it.
>

+1.

And 403 is also helpful for users because it allows to describe in the
entity why the request is refused.

In 10.4.4. 403 Forbidden, RFC 2616 says,
"If the request method was not HEAD and the server wishes to make
public why the request has not been fulfilled, it SHOULD describe the
reason for the refusal in the entity".

Received on Monday, 11 June 2012 12:19:32 UTC