0

IE 11 and Microsoft Edge both recommend logging in after receiving an HTTP 403: Forbidden.

The package hc says this about error 403:

Code explanation: Request forbidden -- authorization will not help

Wikipedia also says:

Status codes 401 (Unauthorized) and 403 (Forbidden) have distinct meanings.

A 401 response indicates that access to the resource is restricted, and the request did not provide any HTTP authentication. It is possible that a new request for the same resource will succeed if authentication is provided. The response must include an HTTP WWW-Authenticate header to prompt the user-agent to provide credentials. If credentials are not provided via HTTP Authorization, then 401 should not be used.

A 403 response generally indicates one of two conditions:

Authentication was provided, but the authenticated user is not permitted to perform the requested operation.

The operation is forbidden to all users. For example, requests for a directory listing return code 403 when directory listing has been disabled.

The error code given by IE and Edge would seem to imply there are cases in which logging in would help the problem. I filed a bug about this here, but I thought I'd give Microsoft some slack.

In which cases is logging in a solution to 403: Forbidden?

cat
  • 123
  • 7

1 Answers1

1

When you have logged in or attempted to log in with the wrong credentials, having either by failing to authenticate (bad username/password) or authenticating to a non-authorized user.

84104
  • 12,905
  • 6
  • 45
  • 76
  • If authentication was successful, but the resource is off-limits, then 401 Unauthorised makes more sense, but logging in again will not change the outcome. If auth was unsuccessful, then 403 Forbidden makes sense, but attempting logging in again will not change the outcome. – cat Feb 19 '16 at 19:55