
Response Status Code 403: HTTP 401 Error vs HTTP 403 Error – Status Code Responses Explained

Date: 2023-05-06 19:40:59 Views: 259892 Author: 3384


We've covered the 403 (Forbidden) HTTP Error code in some detail before, but it also has a near identical sibling.


So what exactly is the difference between the 401 (Unauthorized) and 403 (Forbidden) status codes? Surely they mean the same thing? Let's take a closer look!


RFC Standards

The most up-to-date RFC Standard defining 401 (Unauthorized) is RFC 7235:


The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource...The user agent MAY repeat the request with a new or replaced Authorization header field.

Whereas 403 (Forbidden) is most recently defined in RFC 7231:


The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it...If authentication credentials were provided in the request, the server considers them insufficient to grant access.

Common Causes

As mentioned in the previous article, the 403 error can result when a user has logged in but they don't have sufficient privileges to access the requested resource. For example, a generic user may be attempting to load an 'admin' route.


The most obvious time you'd encounter a 401 error, on the other hand, is when you have not logged in at all, or have provided the incorrect password.


These are the two most common causes for this pair of errors.


Less Common Causes

There are some instances where it's not quite as straightforward as that, though.


403 errors can occur because of restrictions not entirely dependent on the logged in user's credentials.


For example, a server may have locked down particular resources to only allow access from a predefined range of IP addresses, or may utilize geo-blocking. The latter can be potentially circumvented with a VPN.


401 errors can occur even if the user enters the correct credentials. This is rare, and might be something you only really encounter while developing your own authenticated back ends. But if the Authorization header is malformed, the server will return a 401.


For example, you might have a JWT (JSON Web Token) you want to include in the request header, which expects the format Authorization: Bearer eyJhbGci......yJV_adQssw5c. If you were to forget the word 'Bearer' before the JWT, you would encounter the 401 error.


I have run into this problem myself when testing APIs under development with Postman and forgetting the correct syntax for auth headers!
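The decision order described above (credentials first, then privileges and network restrictions) can be sketched as follows. This is an added example, not code from the original article; the token table, the `/admin` route prefix and the `10.0.0.0/8` allowlist are constructed assumptions, and the dictionary lookup stands in for real JWT verification.

```python
import ipaddress

# Constructed sample data (assumptions): opaque tokens stand in for verified JWTs.
TOKENS = {
    "tok-alice": {"user": "alice", "roles": {"user"}},
    "tok-root": {"user": "root", "roles": {"user", "admin"}},
}
ADMIN_NETWORK = ipaddress.ip_network("10.0.0.0/8")  # assumed IP allowlist


def authenticate(headers):
    """Return the principal for a well-formed, valid Bearer header, else None."""
    # Header names are case-insensitive, so normalise before the lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    value = normalised.get("authorization", "")
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        # Header missing, or the token was sent without the "Bearer" scheme.
        return None
    return TOKENS.get(token.strip())  # unknown token also yields None


def decide(headers, path, client_ip):
    """Return (status, response_headers) for one request."""
    principal = authenticate(headers)
    if principal is None:
        # 401: no valid credentials. RFC 7235 requires a WWW-Authenticate
        # challenge so the client knows it may retry with new credentials.
        return 401, {"WWW-Authenticate": 'Bearer realm="api"'}
    if path.startswith("/admin"):
        if "admin" not in principal["roles"]:
            # 403: identity is known, but the privileges are insufficient.
            return 403, {}
        if ipaddress.ip_address(client_ip) not in ADMIN_NETWORK:
            # 403: restriction that does not depend on the credentials at all.
            return 403, {}
    return 200, {}
```

Retrying with different credentials can turn the 401 cases into a 200, while the 403 cases stay refused for that user or address however often the same credentials are resent.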


That's it

I hope this clears up any confusion surrounding these very similar errors.


If you found this helpful, or wish to challenge or extend anything raised here, feel free to contact me on Twitter @JacksonBates.


Translated from: https://www.freecodecamp.org/news/http-401-error-vs-http-403-error-status-code-responses-explained/

