2015-11-06 21:39:33 +01:00
|
|
|
---
|
|
|
|
|
set: 4
|
|
|
|
|
code: 403
|
|
|
|
|
title: Forbidden
|
2015-11-07 05:34:40 +01:00
|
|
|
references:
|
|
|
|
|
"Rails HTTP Status Symbol": ":forbidden"
|
2015-11-06 21:39:33 +01:00
|
|
|
---
|
|
|
|
|
|
2015-11-07 05:34:40 +01:00
|
|
|
The 403 (Forbidden) status code indicates that the server understood the request
|
|
|
|
|
but refuses to authorize it. A server that wishes to make public why the request
|
|
|
|
|
has been forbidden can describe that reason in the response payload (if any).
|
|
|
|
|
|
|
|
|
|
If authentication credentials were provided in the request, the server considers
|
|
|
|
|
them insufficient to grant access. The client SHOULD NOT automatically repeat
|
|
|
|
|
the request with the same credentials. The client MAY repeat the request with
|
|
|
|
|
new or different credentials. However, a request might be forbidden for reasons
|
|
|
|
|
unrelated to the credentials.
|
|
|
|
|
|
|
|
|
|
An origin server that wishes to "hide" the current existence of a forbidden
|
|
|
|
|
target resource MAY instead respond with a status code of
|
|
|
|
|
[404 (Not Found)](/404).
|
|
|
|
|
|
|
|
|
|
Source: [RFC7231 Section 6.5.3][1]
|
|
|
|
|
|
|
|
|
|
[1]: <http://tools.ietf.org/html/rfc7231#section-6.5.3>
|
