Actually, Piston lets us return rc.FORBIDDEN, which is a wrapper for an HTTP 401 response. Here are my thoughts:

According to http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html, a 401 code is for Unauthorized and basically means that the user failed to provide authentication (i.e. a bad or missing login/password).

A 403 is HTTP Forbidden, which represents the case in which a resource exists but cannot be accessed, even after the user has provided credentials, because of permissions.

Therefore, I would suggest that we:

  • change rc.FORBIDDEN to return a 403 HTTP status code
  • add a new rc.UNAUTHORIZED and make it return a 401 HTTP status code
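To make the proposed split concrete, here is an added example (not Piston's own code and not a reproduction of piston.utils.rc) of a minimal rc-style helper and a handler that returns 401 when credentials are missing or wrong, and 403 when credentials are valid but the caller lacks permission. The Response class, the rc stand-in, the USERS/OWNERS tables and the dict-shaped request are all constructed for illustration.

```python
# Added example: hypothetical rc helper with the proposed 401/403 split.
# Not Piston's code; the user store and ACL below are constructed sample data.
import hmac
from dataclasses import dataclass, field


@dataclass
class Response:
    status_code: int
    content: str
    headers: dict = field(default_factory=dict)


class rc:
    """Hypothetical stand-in for piston.utils.rc with the proposed status codes."""

    @staticmethod
    def UNAUTHORIZED():
        # RFC 2616 section 10.4.2: a 401 response must carry a WWW-Authenticate
        # challenge so the client knows how to authenticate.
        return Response(401, "Unauthorized", {"WWW-Authenticate": 'Basic realm="api"'})

    @staticmethod
    def FORBIDDEN():
        # Credentials were accepted, but the caller may not touch this resource.
        return Response(403, "Forbidden")

    @staticmethod
    def NOT_FOUND():
        return Response(404, "Not Found")

    @staticmethod
    def ALL_OK(body="OK"):
        return Response(200, body)


# Constructed sample data: username -> password, resource path -> owner.
USERS = {"alice": "s3cret", "bob": "hunter2"}
OWNERS = {"/reports/1": "alice"}


def authenticate(request):
    """Return the authenticated username, or None if auth is missing/invalid."""
    creds = request.get("auth")
    if not creds:
        return None
    user, password = creds
    expected = USERS.get(user)
    if expected is None:
        return None
    # Constant-time comparison so a wrong password does not leak timing information.
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return user


def handle_read(request):
    """Handler for a read request; request is a plain dict with 'path' and optional 'auth'."""
    user = authenticate(request)
    if user is None:
        return rc.UNAUTHORIZED()          # 401: who are you?
    path = request["path"]
    if path not in OWNERS:
        return rc.NOT_FOUND()             # 404: resource does not exist
    if OWNERS[path] != user:
        return rc.FORBIDDEN()             # 403: we know who you are, and the answer is no
    return rc.ALL_OK(f"report for {user}")
```

The ordering matters: authentication is checked before the permission check, so an unauthenticated caller always sees 401 (with the challenge header) and never learns from a 403 whether a particular resource is protected for someone else.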

