[wp-gsoc] [Summer of Code] #338: HTTP Status 405 on disabled should be 403

Summer of Code noreply at wordpress.org
Tue Aug 6 00:43:57 UTC 2013


#338: HTTP Status 405 on disabled should be 403
---------------------------+------------------
 Reporter:  MikeSchinkel   |       Owner:
     Type:  defect         |      Status:  new
 Priority:  normal         |   Milestone:
Component:  JSON REST API  |  Resolution:
 Keywords:                 |
---------------------------+------------------

Comment (by rmccue):

 Replying to [comment:4 MikeSchinkel]:
 > So it would seem you are referring to a 401, not a 403?

 Directly from [http://tools.ietf.org/html/rfc2616#section-10.4.4 RFC2616]:

 > The server understood the request, but is refusing to fulfill it.
 Authorization will not help and the request SHOULD NOT be repeated. If the
 request method was not HEAD and the server wishes to make public why the
 request has not been fulfilled, it SHOULD describe the reason for the
 refusal in the entity.  If the server does not wish to make this
 information available to the client, the status code 404 (Not Found) can
 be used instead.

 A 403 means in practice that authentication was successful, but the user
 doesn't have the permission to do the task.

 On the other hand, a 410 is the following (emphasis mine):

 > '''The requested resource is no longer available at the server''' and no
 forwarding address is known. This condition is expected to be considered
 permanent. Clients with link editing capabilities SHOULD delete references
 to the Request-URI after user approval. '''If the server does not know, or
 has no facility to determine, whether or not the condition is permanent,
 the status code 404 (Not Found) SHOULD be used instead.''' This response
 is cacheable unless indicated otherwise.
 >
 > '''The 410 response is primarily intended to assist the task of web
 maintenance by notifying the recipient that the resource is intentionally
 unavailable and that the server owners desire that remote links to that
 resource be removed.''' Such an event is common for limited-time,
 promotional services and for resources belonging to individuals no longer
 working at the server's site. It is not necessary to mark all permanently
 unavailable resources as "gone" or to keep the mark for any length of time
 -- that is left to the discretion of the server owner.

 Hence my comment that either 404 or 410 is appropriate. A 410 is probably
 too permanent, so 404 is most likely the best option here.

--
Ticket URL: <https://gsoc.trac.wordpress.org/ticket/338#comment:5>
Summer of Code <https://gsoc.trac.wordpress.org>