You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a person is not allowed to perform a certain action because they don't have permission. It should not be returning Bad Request. It should return a 401 Unauthorized instead.
The coding guidelines should also be updated to reflect this change.
The text was updated successfully, but these errors were encountered:
It should return 401 Unauthorized if the user is not authenticated / signed in.
If the user is authenticated / signed in but it does not have the right permissions to perform an action it should return 403 Forbidden.
Forbidden would be a good option if it allowed to ship a body. We can not describe to the user why they were forbidden.
With Unauthorized we can tell the user why the request was not allowed.
If a person is not allowed to perform a certain action because they don't have permission. It should not be returning Bad Request. It should return a 401 Unauthorized instead.
The coding guidelines should also be updated to reflect this change.
The text was updated successfully, but these errors were encountered: