[http-headers] 403 Forbidden vs 401 Unauthorized HTTP responses

In the case of 401 vs 403, this has been answered many times. This is essentially a 'HTTP request environment' debate, not an 'application' debate.

There seems to be a question on the roll-your-own-login issue (application).

In this case, simply not being logged in is not sufficient to send a 401 or a 403, unless you use HTTP Auth vs a login page (not tied to setting HTTP Auth). It sounds like you may be looking for a "201 Created", with a roll-your-own-login screen present (instead of the requested resource) for the application-level access to a file. This says:

"I heard you, it's here, but try this instead (you are not allowed to see it)"

Examples related to http-headers

Set cookies for cross origin requests Adding a HTTP header to the Angular HttpClient doesn't send the header, why? Passing headers with axios POST request What is HTTP "Host" header? CORS error :Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response Using Axios GET with Authorization Header in React-Native App Axios get access to response header fields Custom header to HttpClient request Send multipart/form-data files with angular using $http Best HTTP Authorization header type for JWT

Examples related to http-status-code-403

Nginx 403 error: directory index of [folder] is forbidden HTTP error 403 in Python 3 Web Scraping MVC4 HTTP Error 403.14 - Forbidden Error message "Forbidden You don't have permission to access / on this server" WAMP 403 Forbidden message on Windows 7 Apache VirtualHost 403 Forbidden Nginx 403 forbidden for all files Emulate a 403 error page 403 Forbidden vs 401 Unauthorized HTTP responses Apache gives me 403 Access Forbidden when DocumentRoot points to two different drives

Examples related to http-status-codes

Laravel - Return json along with http status code Spring: return @ResponseBody "ResponseEntity<List<JSONObject>>" HTTP status code 0 - Error Domain=NSURLErrorDomain? 400 vs 422 response to POST of data Python Request Post with param data HTTP Get with 204 No Content: Is that normal Throw HttpResponseException or return Request.CreateErrorResponse? Returning http status code from Web Api controller How to specify HTTP error code? How to get HTTP response code for a URL in Java?

Examples related to http-status-code-401

HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers 401 Unauthorized: Access is denied due to invalid credentials Server returned HTTP response code: 401 for URL: https 403 Forbidden vs 401 Unauthorized HTTP responses How do I get the HTTP status code with jQuery?

Examples related to http-response-codes

What is "406-Not Acceptable Response" in HTTP? 403 Forbidden vs 401 Unauthorized HTTP responses PHP: How to send HTTP response code?