by RyanMcGreal 4697 days ago
My understanding is that the server should respond with 401 Unauthorized when someone is attempting to access a resource that requires authentication. What is the case for using 403 instead?
2 comments
daveid 4697 days ago
OK, 401 makes more sense in that context. But another 403 case would be "the authorized user lacks permission to open resource."
gpvos 4697 days ago
When they have authenticated (logged on), but they still do not have access to that particular resource (but may have access to others).
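The 401/403 split discussed in this thread, as an added example that is not part of any poster's comment: a Python access check that answers 401 with a `WWW-Authenticate` challenge when no valid credential is presented, and 403 when the caller is identified but not on the resource's access list. The bearer tokens, user names, paths and realm are constructed for illustration.

```python
from __future__ import annotations

import hashlib


def _digest(token: str) -> str:
    # Store and look up token digests, not the raw tokens.
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed sample data: token digest -> user, and a per-resource ACL.
TOKENS = {_digest("alice-token"): "alice", _digest("bob-token"): "bob"}
ACL = {"/reports/q3": {"alice"}, "/wiki": {"alice", "bob"}}
CHALLENGE = {"WWW-Authenticate": 'Bearer realm="example"'}


def authenticate(headers: dict) -> str | None:
    """Return the user name for a valid bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return TOKENS.get(_digest(token.strip()))


def check_access(path: str, headers: dict) -> tuple[int, dict]:
    """Decide the status code and extra headers for a protected path."""
    user = authenticate(headers)
    if user is None:
        # Nobody is identified: 401 plus a challenge, telling the client
        # that presenting valid credentials may change the outcome.
        return 401, dict(CHALLENGE)
    # Default-deny: a path with no ACL entry permits no one.
    if user not in ACL.get(path, set()):
        # Identified but not permitted: 403 and no challenge, because
        # re-sending the same credentials will not help.
        return 403, {}
    return 200, {}
```
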