Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

403 on a private page when logged out should be 401 #992

Open
MarkTraceur opened this issue Feb 18, 2014 · 3 comments
Open

403 on a private page when logged out should be 401 #992

MarkTraceur opened this issue Feb 18, 2014 · 3 comments
Milestone
Future

Comments

@MarkTraceur
Copy link

https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_Error

"401 Unauthorized: Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided."

"403 Forbidden: The request was a valid request, but the server is refusing to respond to it. Unlike a 401 Unauthorized response, authenticating will make no difference."

Obviously me authenticating as myself will let me see my own posts, so 401 is the proper code.
@MarkTraceur
Copy link
Author

Notably, 403 seems like the right response when a logged-in user cannot access a post.

@evanp evanp added this to the 0.3.1 milestone Jun 22, 2014
@evanp
Copy link
Contributor

evanp commented Jun 22, 2014

Fair enough.

@strugee
Copy link
Member

strugee commented Aug 26, 2016

We're releasing 1.0.0 tomorrow and this isn't in it. Pushing to a later release

@strugee strugee modified the milestones: 1.1, 1.0.0 Aug 26, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Future
Development

No branches or pull requests
4 participants
@evanp @MarkTraceur @strugee and others