W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Reviving discussion on error code 451

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 02 Jan 2015 08:29:40 +0100
Message-ID: <54A648E4.2090400@gmx.de>
To: Tim Bray <tbray@textuality.com>, James M Snell <jasnell@gmail.com>
CC: Willy Tarreau <w@1wt.eu>, Niels ten Oever <lists@digitaldissidents.org>, Mark Nottingham <mnot@mnot.net>, Yoav Nir <ynir.ietf@gmail.com>, Eliot Lear <lear@cisco.com>, Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>, Nicolas Mailhot <nicolas.mailhot@laposte.net>
On 2015-01-01 22:41, Tim Bray wrote:
> There are a variety of arguments why 403 is a bad choice. To start with,
> the RFC [https://tools.ietf.org/html/rfc7231#section-6.5.3] says 403
> “indicates that the server understood the request but refuses to
> authorize it.” In fact, if an ISP is under legal pressure, it’s quite
> likely the server never got the request, so 403 is just wrong.  There’s
> another less-formal issue in that 403 is regarded by many practitioners
> as “what happens when you respond to a 401 but the server doesn’t like
> the response”.
> ...

That's a bit misleading. "Server" is not the same thing as "Origin 
Server", so it includes intermediaries.

Best regards, Julian
Received on Friday, 2 January 2015 07:30:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC