(no subject)

Thu, 20 Apr 1995 16:22:11 +0500

***** UNDELIVERABLE MAIL sent to pete, being returned by seq1!www-talk@www10.w3.org *****
mail: Error # 2 'Problem with mailfile' encountered on system seq1

Received: from www19.w3.org by aps.org (5.65/1.35)
id AA22647; Thu, 20 Apr 95 14:26:40 -0400
Date: Thu, 20 Apr 95 14:26:40 -0400
From: www-talk@www10.w3.org
Message-Id: <9504201826.AA22647@aps.org>
Content-Length: 0
Apparently-To: <pete@aps.org>

Mike Meyer wrote:

>> Can someone explain where one should use a 403 response versus a 400
>> response? Is using 400 only for mailformed requests, and 400 for
>> requests with a command that isn't understood a reasonable
>> interpretation?

and Paul Phillips responded:

> My spec indicates that 403 implies greater server understanding than 400
> does. A 403 means the server tried to service the request, and failed,
> while a 400 means that the server knew based on the request that it would
> fail.

Ummmm, almost. 400 Bad Request indicates that the server was unable
to understand the request due to it being malformed. 403 Forbidden
indicates that the server *did* understand the request, but refuses to
service it for some reason that remains unknown to the client.

> There does seem to be some abiguity here, but both codes instruct the
> client not to repeat the request, so I don't think it's critical.

There is a certain amount of overlap between 400 and all 4xx responses,
but I don't consider that to be ambiguous. I'll change the spec so
that the purpose of the two codes is clarified.

Hmmmm, I could just change the example Reason Phrases to

400 You screwed up
403 Piss off


....Roy T. Fielding Department of ICS, University of California, Irvine USA