Re: 403 vs. 400 response from server?

From: Roy T. Fielding <fielding@avron.ics.uci.edu>
Date: Fri, 14 Apr 1995 14:43:43 -0700
To: Multiple recipients of list <www-talk@www10.w3.org>
Message-Id: <9504141443.aa25605@paris.ics.uci.edu>

Mike Meyer wrote:

>> Can someone explain where one should use a 403 response versus a 400
>> response? Is using 400 only for malformed requests, and 400 for
>> requests with a command that isn't understood a reasonable
>> interpretation?

and Paul Phillips responded:

> My spec indicates that 403 implies greater server understanding than 400 
> does.  A 403 means the server tried to service the request, and failed, 
> while a 400 means that the server knew based on the request that it would 
> fail.

Ummmm, almost.  400 Bad Request indicates that the server was unable
to understand the request due to it being malformed.  403 Forbidden
indicates that the server *did* understand the request, but refuses to
service it for some reason that remains unknown to the client.

> There does seem to be some ambiguity here, but both codes instruct the 
> client not to repeat the request, so I don't think it's critical.

There is a certain amount of overlap between 400 and all 4xx responses,
but I don't consider that to be ambiguous.  I'll change the spec so
that the purpose of the two codes is clarified.

Hmmmm, I could just change the example Reason Phrases to

     400 You screwed up
     403 Piss off


 ....Roy T. Fielding  Department of ICS, University of California, Irvine USA
Received on Friday, 14 April 1995 17:50:56 UTC
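
The distinction drawn in the message above, as an added example that is not part of the original post or of any server's code: a request line that cannot be parsed gets 400, while one that parses but hits a refused path gets 403 with no reason given to the client. The `classify` function, the `/private` policy and the sample requests are constructed for illustration, and only full requests carrying an HTTP-Version are assumed.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed policy for this example: subtrees the server refuses to serve.
FORBIDDEN_ROOTS = ("/private",)

# Request-Line shape: Method SP Request-URI SP HTTP-Version
REQUEST_LINE = re.compile(r"([A-Z]+) (/\S*) HTTP/(\d+)\.(\d+)")


def classify(raw: bytes):
    """Return (status, reason) for the first line of a raw request."""
    try:
        line = raw.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return 400, "Bad Request"  # not even readable as a request line

    match = REQUEST_LINE.fullmatch(line)
    if match is None:
        return 400, "Bad Request"  # malformed: the server could not understand it

    # From here on the request was understood; a refusal is a policy decision.
    # Decode and normalise first so "/public/../private/x" or "/%70rivate/x"
    # cannot slip past the check.
    path = posixpath.normpath("/" + unquote(match.group(2)).lstrip("/"))
    for root in FORBIDDEN_ROOTS:
        if path == root or path.startswith(root + "/"):
            return 403, "Forbidden"  # understood, refused, reason withheld

    return 200, "OK"


if __name__ == "__main__":
    samples = [  # constructed requests
        b"GET /index.html HTTP/1.0\r\n\r\n",
        b"GET/index.html\r\n\r\n",
        b"GET /private/notes.txt HTTP/1.0\r\n\r\n",
        b"GET /public/../private/notes.txt HTTP/1.0\r\n\r\n",
    ]
    for sample in samples:
        print(sample.split(b"\r\n", 1)[0], "->", classify(sample))
```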