[wp-gsoc] [Summer of Code] #338: HTTP Status 405 on disabled should be 403

Summer of Code noreply at wordpress.org
Tue Aug 6 14:44:40 UTC 2013


#338: HTTP Status 405 on disabled should be 403
---------------------------+------------------
 Reporter:  MikeSchinkel   |       Owner:
     Type:  defect         |      Status:  new
 Priority:  normal         |   Milestone:
Component:  JSON REST API  |  Resolution:
 Keywords:                 |
---------------------------+------------------

Comment (by rmccue):

 Replying to [comment:6 MikeSchinkel]:
 > Replying to [comment:5 rmccue]:
 > > A 403 means in practice that authentication was successful, but the user doesn't have the permission to do the task.
 >
 > That is not my interpretation of the section on 403 in RFC2616. But be that as it may.

 In essence:

 * 401 - Not logged in, no permissions to perform task, try authenticating
 * 403 - Logged in, no permissions to perform task

 Also, I'd like to note that both 401 and 403 are directly related to
 authentication, whereas this error condition is not at all. The error
 condition is directly related to resource availability.

 So, to determine which error code, here's the process of elimination I
 used (in addition to what the spec actually says):

 * The error is a client error (as it's related to the request), so 4xx
 * The error is not related to the syntax, so not 400, 405, 406, 408, 411,
 412, 413, 414, 416, 417
 * The error is not related to authentication, so not 401, 403, 407
 * The error is not related to payment, so not 402
 * The error is not related to a submitted entity, so not 409
 * This leaves 404, 410, 415
 * Of those, only 404 and 410 relate to the availability of the resource

 In addition, the spec outlines a case similar to this one in the 410
 specification. We specifically want to indicate that the resource is
 intentionally unavailable. We don't know whether it will be permanent or
 not, so 404 is the correct error here, but 410 may be more specific (since
 it's fairly likely that it will be disabled at least semi-permanently).

--
Ticket URL: <https://gsoc.trac.wordpress.org/ticket/338#comment:7>
Summer of Code <https://gsoc.trac.wordpress.org>