W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1995

Re: 403 vs. 400 response from server?

From: Roy T. Fielding <fielding@avron.ics.uci.edu>
Date: Fri, 14 Apr 1995 14:43:43 -0700
To: Multiple recipients of list <www-talk@www10.w3.org>
Message-Id: <9504141443.aa25605@paris.ics.uci.edu>
Mike Meyer wrote:

>> Can someone explain where one should use a 403 response versus a 400
>> response? Is using 400 only for mailformed requests, and 400 for
>> requests with a command that isn't understood a reasonable
>> interpretation?

and Paul Phillips responded:

> My spec indicates that 403 implies greater server understanding than 400 
> does.  A 403 means the server tried to service the request, and failed, 
> while a 400 means that the server knew based on the request that it would 
> fail.

Ummmm, almost.  400 Bad Request indicates that the server was unable
to understand the request due to it being malformed.  403 Forbidden
indicates that the server *did* understand the request, but refuses to
service it for some reason that remains unknown to the client.

> There does seem to be some abiguity here, but both codes instruct the 
> client not to repeat the request, so I don't think it's critical.

There is a certain amount of overlap between 400 and all 4xx responses,
but I don't consider that to be ambiguous.  I'll change the spec so
that the purpose of the two codes is clarified.

Hmmmm, I could just change the example Reason Phrases to

     400 You screwed up
     403 Piss off

;-)

 ....Roy T. Fielding  Department of ICS, University of California, Irvine USA
                                       <fielding@ics.uci.edu>
                      <URL:http://www.ics.uci.edu/dir/grad/Software/fielding>
Received on Friday, 14 April 1995 17:50:56 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:16 UTC