I have a problem with my HTTP response code.
Use case:
A user tries to modify a record that can only be edited by users with moderator privileges (enforced by business logic).
What is the expected HTTP status response?
I am sure the following statuses are wrong:
- 200 is wrong because the action was not successful
- 400 seems wrong because all parts of the request are correct (body/headers/method)
I am considering 401 Unauthorized or 403 Forbidden, but I don't have any argument to apply.
What status would you expect?
Best answer
"I am considering 401 Unauthorized or 403 Forbidden, but I don't have any argument to apply."
The 403 status code seems appropriate for the situation described in your question. However, if the server wants to "hide" the existence of a resource, 404 can be used instead. See the following quote from RFC 7231:
The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any). If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.
An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).
The 401 status code is used with HTTP authentication (where the credentials are sent in the Authorization header) to indicate that the credentials for that request have been refused.
Related question on Stack Overflow, "rest - What is the appropriate HTTP error code when a user tries to perform an action that is not available to them": https://stackoverflow.com/questions/59030180/
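The decision described in the answer above, worked through as an added example (this is not code from the original question or answer, and not from any real API): a minimal handler for "PUT /records/<id>", an operation only moderators may perform. The users, bearer tokens, record store, path layout and the "title" field are all constructed for the example. It separates the four outcomes the thread discusses: 400 for a malformed request, 401 (with the WWW-Authenticate header that RFC 7235 requires) when no acceptable credentials were sent, 403 when the caller is authenticated but the business rule refuses, and 404 either for a missing record or, with hide_forbidden=True, to avoid revealing that a forbidden record exists.

```python
from dataclasses import dataclass, field

# Constructed credential store for the example: bearer token -> (username, is_moderator).
TOKENS = {
    "tok-alice": ("alice", False),  # ordinary user
    "tok-mona": ("mona", True),     # moderator
}

# Constructed record store for the example: record id -> record.
RECORDS = {
    42: {"owner": "alice", "title": "draft"},
}


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def authenticate(headers):
    """Return (username, is_moderator) for a valid bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    return TOKENS.get(token.strip())


def handle_edit(method, path, headers, body, hide_forbidden=False):
    """Authorization decision for 'PUT /records/<id>' (moderators only).

    Status codes follow RFC 7231 / RFC 7235 semantics:
      400 malformed request, 401 no acceptable credentials,
      403 credentials accepted but policy refuses, 404 missing (or hidden).
    `body` is the already-parsed JSON body (a dict) or None.
    """
    if method != "PUT":
        return Response(405, {"Allow": "PUT"})

    prefix, _, raw_id = path.rpartition("/")
    if prefix != "/records" or not raw_id.isdigit():
        return Response(404)
    record_id = int(raw_id)

    # 401 means "authenticate first". RFC 7235 requires WWW-Authenticate here
    # so the client knows which scheme to use on retry.
    principal = authenticate(headers)
    if principal is None:
        return Response(401, {"WWW-Authenticate": 'Bearer realm="records"'})
    username, is_moderator = principal

    # 400 is about the request itself: here, a body without the required field.
    if not isinstance(body, dict) or "title" not in body:
        return Response(400, body="body must be a JSON object with a 'title'")

    if record_id not in RECORDS:
        return Response(404)

    # 403: the server understood the request and knows who sent it, but the
    # business rule (moderators only) refuses it; repeating with the same
    # credentials will not help. When the record's existence should not leak
    # to non-moderators, answer 404 instead, indistinguishable from a missing id.
    if not is_moderator:
        if hide_forbidden:
            return Response(404)
        return Response(403, body=f"{username} is not a moderator")

    RECORDS[record_id]["title"] = body["title"]
    return Response(200, body=f"record {record_id} updated")
```

Note the ordering: authentication is checked before the body is validated, so an anonymous caller learns nothing about what a well-formed request looks like, and the hidden-record branch returns exactly the same response as the missing-record branch, which is the only way the 404 actually hides anything.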