如果有人请求访问不允许他查看的实体,应该返回什么状态代码?您可能会说它是 403:禁止访问。但是返回 404 是常见的做法吗?我不希望有人知道这个实体存在,如果他不被允许看到的话。你怎么看?
最佳答案
使用 404 未找到。
The 404 status code can also be used in 403 scenarios, when the server does not want to send back the reason why it is refusing to serve the request. A good example is when the server senses some kind of an attack, which might be a brute force attack. In this case, the server responds with a 404 Not found instead of a 403 Forbidden and an explanation.
关于rest - 访问被拒绝 : 403 or 404?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28582830/