Explorer API returns HTTP 403 forbidden for non-existent resources #29

adamretter · 2020-09-22T21:35:31Z

When accessing a resource that does not exist via the /explorer API, we should we return HTTP 403 or HTTP 404. Arguable 403 is more secure, but perhaps misleading... we need to give this some thought.

The text was updated successfully, but these errors were encountered:

duncdrum · 2021-07-07T09:48:02Z

has thought been given? 403 seems the better choice to me, not sure how it is misleading because the /explorer endpoint is there?

adamretter · 2021-07-07T09:59:45Z

I think that if the user is authorized and the resource does not exist then the response should be 404, if the user is not authorized that takes priority and the response should be 403

adamretter added the question Further information is requested label Sep 22, 2020

adamretter self-assigned this Sep 22, 2020

adamretter changed the title ~~/explorer API returns HTTP 403 forbidden for non-existent resources~~ Explorer API returns HTTP 403 forbidden for non-existent resources Sep 22, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Explorer API returns HTTP 403 forbidden for non-existent resources #29

Explorer API returns HTTP 403 forbidden for non-existent resources #29

adamretter commented Sep 22, 2020 •

edited

Loading

duncdrum commented Jul 7, 2021

adamretter commented Jul 7, 2021

Explorer API returns HTTP 403 forbidden for non-existent resources #29

Explorer API returns HTTP 403 forbidden for non-existent resources #29

Comments

adamretter commented Sep 22, 2020 • edited Loading

duncdrum commented Jul 7, 2021

adamretter commented Jul 7, 2021

adamretter commented Sep 22, 2020 •

edited

Loading