[squeak-dev] The Inbox: WebClient-Core-ct.126.mcz
Tobias Pape
Das.Linux at gmx.de
Mon Oct 12 19:06:21 UTC 2020
Hi
> On 12.10.2020, at 20:47, Thiede, Christoph <Christoph.Thiede at student.hpi.uni-potsdam.de> wrote:
>
> For example, many modern REST APIs use to return an error 404 if an attempt is made to access a private resource without authenticating before [1] which currently makes it impossible to authenticate to these APIs using the WebClient.
No, that's not what the link says:
Q: "1. How to deal with unauthorized requests?
I'm intending to respond to requests with the following codes:
• Is the resource open and found? 200 OK
• Do you need to be authenticated to access the resources? 401 Unauthorized
• Don't you have access to a category of resources? 403 Forbidden
• Do you have access to a category of resources, but not to this specific resource? 404 Not Found to prevent people from getting to know the existence of a resource they do not have access to.
• Doesn't the resource exist? 404 Not Found
"
A: "How to deal with unauthorized requests?
The way you described it is pretty much the recommended way for a RESTful service. As far as I can see there is absolutely nothing wrong with that."
That means: "Do you need to be authenticated to access the resources? 401 Unauthorized"
I do not support preemptive authentication, especially in non-SSL circumstances.
=-=-=-=
It is also hard to see the differences because you reformatted the method :/
Best regards
-Tobias