> Mike Meyer wrote:
> >> Can someone explain where one should use a 403 response versus a 400
> >> response? Is using 400 only for malformed requests, and 400 for
> >> requests with a command that isn't understood a reasonable
> >> interpretation?
> and Paul Phillips responded:
> > My spec indicates that 403 implies greater server understanding than 400
> > does. A 403 means the server tried to service the request, and failed,
> > while a 400 means that the server knew based on the request that it would
> > fail.
> Ummmm, almost. 400 Bad Request indicates that the server was unable
> to understand the request due to it being malformed. 403 Forbidden
> indicates that the server *did* understand the request, but refuses to
> service it for some reason that remains unknown to the client.
> > There does seem to be some ambiguity here, but both codes instruct the
> > client not to repeat the request, so I don't think it's critical.
> There is a certain amount of overlap between 400 and all 4xx responses,
> but I don't consider that to be ambiguous. I'll change the spec so
> that the purpose of the two codes is clarified.
> Hmmmm, I could just change the example Reason Phrases to
> 400 You screwed up
> 403 Piss off
> ....Roy T. Fielding Department of ICS, University of California, Irvine USA
Andrew S. Clapp, Oregon State University
www.nero.net, COE Computer Services