问题描述
今天,一个同事在用户没有权限的情况下在删除操作中使用了550错误,这在我最初看起来很糟糕,因为据我所知,这种错误看起来像是一个客户端(又名4xx)对我而不是服务器(也称为5xx)的错误.
Today a co-worked used a 550 error on a delete action when the user doesn't have permission which at first looked to me bad because as I'm aware of, that kinda error looks like a client (aka 4xx) error to me and not a server (aka 5xx).
查看说明时,完全暗示正确使用了该说明.而不是我以前使用过的问题"所引起的401错误.
When looking at the description, it suggest exactly that it was used correctly. Instead of a 401 error, which I was using with some 'problems' before.
401错误的问题是:如果用户A登录,并且尝试执行返回401的操作,则它可能建议您必须登录",因为您没有访问该http资源的有效凭据.这种方法的问题是,如果用户已登录,则服务器会知道他没有该权限,在这种情况下,看起来像是550,这更合适,但在我看来,不应该使用550错误场景.
Problem of 401 error is : If user A is logged in, and try to do an action that returns a 401 it can suggest that you must 'login' since you don't have valid credentials to access that http resource. Problem with this approach is that if user is logged, server knows that he doesn't have the permission, in this case, looks like a 550 it's more appropriate but doesn't look quite to me that a 550 error should be used in this scenario.
问题是:在基于Web的应用程序中,550错误的正确用法是什么(如果有的话).我了解它在FTP和SMTP中继使用中使用.如果某些登录用户发送了不允许的操作请求,应该返回哪个错误?
Question is:What's the proper use (if any) of 550 error, in web based applications. I understand it's use in FTP and SMTP relay usage.If some logged in user, sends a request of an action which is not permitted, which error should be returned ?
谢谢!
推荐答案
5xx错误是SERVER错误.如果用户没有权限,则应该是4XX错误.
5xx errors are SERVER errors. If the user doesn't have permission it should be a 4XX error.
但是你是正确的. 401错误表示用户必须登录才能访问.即要求验证.
However you're correct. A 401 error means that a user must log in to access. i.e. authentication is required.
您要查找的错误是 403禁止访问
对于是否由于用户登录而没有歧义.清晰明了.
This has no ambiguity over whether its because a user is logged in or not. Its clear cut.
来自Wiki上的http错误代码( http://en.wikipedia.org/wiki/List_of_HTTP_status_codes )(强调我的意思):
From the wiki on http error codes (http://en.wikipedia.org/wiki/List_of_HTTP_status_codes) (emphasis mine):
该请求是有效请求,但服务器拒绝响应 对此.[2]与401未经授权的响应不同,身份验证将使 没什么区别.[2]在需要身份验证的服务器上,这 通常表示提供的凭据已成功 已通过身份验证,但是凭据仍未授予客户端 访问资源的权限(例如,认可的用户正在尝试 来访问受限制的内容.
The request was a valid request, but the server is refusing to respond to it.[2] Unlike a 401 Unauthorized response, authenticating will make no difference.[2] On servers where authentication is required, this commonly means that the provided credentials were successfully authenticated but that the credentials still do not grant the client permission to access the resource (e.g. a recognized user attempting to access restricted content).
再次,根据上述维基,没有550错误之类的事情.我想您可以选择自己实现它,但是可能不需要诚实.但是,这应该是标准中定义的服务器错误.
Again, according to the above wiki, there is no such thing as a 550 error. I suppose that you could choose to implement it yourself, but there's probably no need to be honest. It should be a server error as defined in the standards however.
这篇关于正确使用HTTP错误代码. 550-为什么是5xx而不是4xx?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!