2015-11-06 21:39:33 +01:00
|
|
|
---
|
|
|
|
set: 4
|
|
|
|
code: 403
|
|
|
|
title: Forbidden
|
2015-11-07 05:34:40 +01:00
|
|
|
references:
|
|
|
|
"Rails HTTP Status Symbol": ":forbidden"
|
2015-11-06 21:39:33 +01:00
|
|
|
---
|
|
|
|
|
2015-11-09 02:44:05 +01:00
|
|
|
The server understood the request but refuses to authorize it.
|
|
|
|
|
|
|
|
A server that wishes to make public why the request has been forbidden can
|
|
|
|
describe that reason in the response payload (if any).
|
2015-11-07 05:34:40 +01:00
|
|
|
|
|
|
|
If authentication credentials were provided in the request, the server considers
|
|
|
|
them insufficient to grant access. The client SHOULD NOT automatically repeat
|
|
|
|
the request with the same credentials. The client MAY repeat the request with
|
|
|
|
new or different credentials. However, a request might be forbidden for reasons
|
|
|
|
unrelated to the credentials.
|
|
|
|
|
|
|
|
An origin server that wishes to "hide" the current existence of a forbidden
|
|
|
|
target resource MAY instead respond with a status code of
|
2015-11-09 02:44:05 +01:00
|
|
|
[404 Not Found](/404).
|
|
|
|
|
|
|
|
---
|
2015-11-07 05:34:40 +01:00
|
|
|
|
2015-11-09 02:44:05 +01:00
|
|
|
* Source: [RFC7231 Section 6.5.3][1]
|
2015-11-07 05:34:40 +01:00
|
|
|
|
|
|
|
[1]: <http://tools.ietf.org/html/rfc7231#section-6.5.3>
|