  1. eZ Publish / Platform
  2. EZP-22789

REST API mixes 401 and 403 HTTP status


    Details

      Description

      Reminder:

      401 basically means that you need to authenticate first and that with a correct authentication, the request might be accepted.

      403 means that the current user does not have access to the resource and it's useless to retry the request.

      In short, 401 is for authentication issues and 403 is for access issues.

      Ref: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

      Unfortunately, our REST API mostly uses 401 instead of 403 and sometimes uses both wrongly.
      Example: https://github.com/ezsystems/ezpublish-kernel/blob/master/doc/specifications/rest/REST-API-V2.rst#untrash-item

      As a result, in the current state, it's close to impossible to correctly handle authentication, access and "normal" errors.
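
The 401/403 distinction above as client-side handling, in an added example that is not part of the original report and is not eZ Publish code; `makeServer`, `fetchResource` and the session objects are hypothetical stand-ins. It shows a client that re-authenticates on 401 and stops on 403, and what that client concludes when the server answers 401 for a permission problem.

```javascript
// Constructed fake endpoint. `deniedStatus` is the status it returns when
// the session is valid but the user lacks permission on the resource.
function makeServer(deniedStatus) {
  return function handle(req) {
    if (!req.session) return { status: 401 };            // not authenticated
    if (!req.session.canRead) return { status: deniedStatus };
    return { status: 200, body: "content" };
  };
}

// Client policy that relies on the status semantics:
//   401 -> authenticate once, then retry the request
//   403 -> stop, a retry with the same user cannot succeed
function fetchResource(server, session, login) {
  let logins = 0;
  for (let attempt = 0; attempt < 2; attempt++) {
    const res = server({ session });
    if (res.status === 200) return { outcome: "ok", logins };
    if (res.status === 403) return { outcome: "access-denied", logins };
    if (res.status !== 401) return { outcome: "error", logins };
    if (attempt === 1) return { outcome: "auth-failed", logins };
    session = login();                                    // first 401 only
    logins++;
  }
}

// Constructed scenario: a logged-in user without read permission.
const demoSession = { canRead: false };
const demoLogin = () => ({ canRead: false });

// Server that uses 403 for access issues: no re-login, clear diagnosis.
console.log(fetchResource(makeServer(403), demoSession, demoLogin));
// Server that uses 401 for access issues: a needless re-login, then the
// client blames the credentials although they were valid.
console.log(fetchResource(makeServer(401), demoSession, demoLogin));
```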

              People

              Assignee:
              Unassigned
              Reporter:
              damien.pobel-obsolete@ez.no Damien Pobel (Inactive)
