PROPOSED STANDARD
Errata Exist
Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
Request for Comments: 7231                                         Adobe
Obsoletes: 2616                                          J. Reschke, Ed.
Updates: 2817                                                 greenbytes
Category: Standards Track                                      June 2014
ISSN: 2070-1721
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
Abstract
The Hypertext Transfer Protocol (HTTP) is a stateless application-
level protocol for distributed, collaborative, hypertext information
systems. This document defines the semantics of HTTP/1.1 messages,
as expressed by request methods, request header fields, response
status codes, and response header fields, along with the payload of
messages (metadata and body content) and mechanisms for content
negotiation.
RFC 7231 HTTP/1.1 Semantics and Content June 2014
6.5.3. 403 Forbidden
The 403 (Forbidden) status code indicates that the server understood
the request but refuses to authorize it. A server that wishes to
make public why the request has been forbidden can describe that
reason in the response payload (if any).
If authentication credentials were provided in the request, the
server considers them insufficient to grant access. The client
SHOULD NOT automatically repeat the request with the same
credentials. The client MAY repeat the request with new or different
credentials. However, a request might be forbidden for reasons
unrelated to the credentials.
An origin server that wishes to "hide" the current existence of a
forbidden target resource MAY instead respond with a status code of
404 (Not Found).
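
The rules of this section, sketched as an added example that is not part of RFC 7231: an origin server that answers 403 or deliberately answers 404 to hide a resource, and a client that does not resend credentials already refused. The resource table, token strings, and the function names respond and fetch are constructed for illustration.

```python
# Constructed sample data: path -> (credentials allowed, hide-existence flag).
RESOURCES = {
    "/reports/q1": ({"alice-token"}, False),
    "/admin/keys": ({"root-token"}, True),   # existence hidden from others
}


def respond(path, credential):
    """Origin-server decision for a GET: return (status, payload)."""
    entry = RESOURCES.get(path)
    if entry is None:
        return 404, "Not Found"
    allowed, hide = entry
    if credential in allowed:
        return 200, "content of " + path
    if hide:
        # Same status and payload as a missing resource, so the response
        # does not reveal that the target currently exists.
        return 404, "Not Found"
    # This server chooses to make the reason public in the payload.
    return 403, "credentials insufficient for " + path


def fetch(path, credentials):
    """Client policy: after a 403, never resend a credential that was
    already refused; try new or different ones, then give up."""
    tried, attempts = set(), []
    for cred in credentials:
        if cred in tried:
            continue              # SHOULD NOT repeat the same credentials
        tried.add(cred)
        status, _payload = respond(path, cred)
        attempts.append((cred, status))
        if status != 403:
            break                 # only a 403 prompts trying other credentials
    return attempts


if __name__ == "__main__":
    print(fetch("/reports/q1", ["bob-token", "bob-token", "alice-token"]))
    print(respond("/admin/keys", "alice-token"), respond("/nope", "alice-token"))
```

The hidden case only holds if the 404 for a forbidden resource is indistinguishable from the 404 for a missing one, which is why both branches return the identical status and payload.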
Fielding & Reschke Standards Track [Page 59]