- From: Andrew S. Clapp <clapp@engr.orst.edu>
- Date: Tue, 02 May 1995 19:21:26 -0700
- To: www-talk@www10.w3.org
Where could I find a list of these codes? -ASC > Mike Meyer wrote: > > >> Can someone explain where one should use a 403 response versus a 400 > >> response? Is using 400 only for mailformed requests, and 400 for > >> requests with a command that isn't understood a reasonable > >> interpretation? > > and Paul Phillips responded: > > > My spec indicates that 403 implies greater server understanding than 400 > > does. A 403 means the server tried to service the request, and failed, > > while a 400 means that the server knew based on the request that it would > > fail. > > Ummmm, almost. 400 Bad Request indicates that the server was unable > to understand the request due to it being malformed. 403 Forbidden > indicates that the server *did* understand the request, but refuses to > service it for some reason that remains unknown to the client. > > > There does seem to be some abiguity here, but both codes instruct the > > client not to repeat the request, so I don't think it's critical. > > There is a certain amount of overlap between 400 and all 4xx responses, > but I don't consider that to be ambiguous. I'll change the spec so > that the purpose of the two codes is clarified. > > Hmmmm, I could just change the example Reason Phrases to > > 400 You screwed up > 403 Piss off > > ;-) > > ....Roy T. Fielding Department of ICS, University of California, Irvine USA > <fielding@ics.uci.edu> > <URL:http://www.ics.uci.edu/dir/grad/Software/fielding> Andrew S. Clapp &_ ______ /\ /\ /\ ______\ Oregon State University www.nero.net O7/O \/ \/ \/ \/ / COE Computer Services
Received on Tuesday, 2 May 1995 22:23:21 UTC