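First encounter with HTTP 401: on the difference between 401 and 403
Recently, when I tried to access a certain resource, I got an HTTP 401. I was quite puzzled, since I had never seen it before; call it my own ignorance.
So I looked it up online and found that it is an authentication error. I carefully checked my own code and found that it did indeed have a problem: the configuration was wrong, and there was also an extra space, which made the authentication information in the HTTP request incorrect and in turn caused the status code in the HTTP response to be 401. After I fixed the code, everything was OK.
Earlier, we also talked about HTTP 403. So what is the difference between HTTP 401 and HTTP 403? Let me quote a passage from the web to explain: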
There's a problem with 401 Unauthorized, the HTTP status code for authentication errors. And that’s just it: it’s for authentication, not authorization. Receiving a 401 response is the server telling you, “you aren’t authenticated–either not authenticated at all or authenticated incorrectly–but please reauthenticate and try again.” To help you out, it will always include a WWW-Authenticate header that describes how to authenticate.
This is a response generally returned by your web server, not your web application.
It’s also something very temporary; the server is asking you to try again.
So, for authorization I use the 403 Forbidden response. It’s permanent, it’s tied to my application logic, and it’s a more concrete response than a 401.
Receiving a 403 response is the server telling you, “I’m sorry. I know who you are–I believe who you say you are–but you just don’t have permission to access this resource. Maybe if you ask the system administrator nicely, you’ll get permission. But please don’t bother me again until your predicament changes.”
In summary, a 401 Unauthorized response should be used for missing or bad authentication, and a 403 Forbidden response should be used afterwards, when the user is authenticated but isn’t authorized to perform the requested operation on the given resource.
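The rule in the summary above, as an added example that is not part of the original post or of the quoted passage: a minimal Python handler that answers 401 with a `WWW-Authenticate` challenge when Basic credentials are missing or wrong (including a stray space, similar to the bug described at the top), and 403 when the caller is authenticated but not permitted. The user table, realm name and paths are constructed for illustration.

```python
import base64
import hmac

# Constructed sample data: user -> (password, paths the user may read)
USERS = {
    "alice": ("s3cret", {"/reports", "/admin"}),
    "bob": ("hunter2", {"/reports"}),
}
REALM = "example"  # hypothetical realm name


def authenticate(header):
    """Return the user name for a valid Basic Authorization header, else None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects stray characters, e.g. a doubled space before the token
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = decoded.partition(":")
    if not sep or user not in USERS:
        return None
    # Constant-time comparison; a password with an extra space fails here.
    if not hmac.compare_digest(password.encode(), USERS[user][0].encode()):
        return None
    return user


def handle(path, headers):
    """Return (status, response_headers) for a GET of `path`."""
    user = authenticate(headers.get("Authorization"))
    if user is None:
        # Missing or bad credentials: 401 plus a challenge saying how to authenticate.
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    if path not in USERS[user][1]:
        # Identity is established but lacks permission: 403, no challenge.
        return 403, {}
    return 200, {}


def basic(user, password):
    """Build a Basic Authorization header value for the sample requests."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Retrying with corrected credentials can turn the 401 into a 200, while the 403 stays until the user's permissions change on the server side.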