[thelist] 403 or 404?

Mark Howells webdev at mountain.ch
Wed Jun 6 10:22:18 CDT 2007


> Say I have a web application where someone must be logged in.
> To view an object a user makes a request like:
>
>     /object/21
>
> where 21 is the primary key in the object table.  If the user *owns*
> object 21 they can view it.  If the user does not own the object do
> they get 403 or 404?  Kind of seems like a 403.

According to the HTTP 1.1 protocol, this would be a 403. However, if

"... the server wishes to make public why the request has not been  
fulfilled, it SHOULD describe the reason for the refusal in the  
entity. If the server does not wish to make this information  
available to the client, the status code 404 (Not Found) can be used  
instead...."

> What if the request is for an id that doesn't exist?  Does that make a
> difference?

I think this would be a 404, without question. The referenced  
"document" (entry, page, whatever) is not there.

Mark Howells
- www.permanenttourist.ch
- www.flickr.com/photos/mhowells/
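
The two choices discussed in this message, as an added example that is not part of the original post: a handler for `/object/<id>` that either answers a non-owner with 403 and a reason, or hides the object behind the same 404 a missing id gets. The function names, the `conceal` switch and the sample object table are assumptions made for illustration.

```python
# Added example: hypothetical names, constructed sample data.
from dataclasses import dataclass

# Constructed "object table": primary key -> owning user.
OBJECTS = {21: "alice", 22: "bob"}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


# One shared response, so the concealed case cannot differ from a real miss.
NOT_FOUND = Response(404, "Not Found")


def view_object(user: str, object_id: int, conceal: bool) -> Response:
    """Decide the response for GET /object/<object_id> from a logged-in user.

    conceal=False: a non-owner gets 403 with the reason in the entity.
    conceal=True:  a non-owner gets the very same 404 as a missing id.
    """
    owner = OBJECTS.get(object_id)
    if owner is None:
        return NOT_FOUND
    if owner != user:
        if conceal:
            return NOT_FOUND
        return Response(403, "Forbidden: you do not own this object")
    return Response(200, f"object {object_id}")


def ids_revealed_to(user: str, ids, conceal: bool) -> list:
    """Ids the user does not own but can tell exist, judged from status alone."""
    return [i for i in ids if view_object(user, i, conceal).status == 403]
```

With 403, every other user's primary key is confirmed as existing; with the shared 404, status and body are identical for "not yours" and "not there".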


