[2.0] 403 Forbidden handler
1,238 views
Skip to first unread message
flurdy
May 3, 2012, 7:53:50 AM5/3/12
to play-fr...@googlegroups.com
I realise Play is unlikely to have easy-to-override handlers for all possible http error codes via the GloablSettings trait, but I would have thought 403 was as common as 500, 404 and 401 that do have overridable handlers.
I was thinking of forking and adding my own method to GlobalSettings and a defaultpages template, but I was wondering if there was a particular reason for 403 not being already there?
is it not a recommended error code?
Is 401 a more suitable error code for users authenticated but not authorised for a particular page?or should it be handled by the browser not via template?
flurdy
May 3, 2012, 8:00:42 AM5/3/12
to play-fr...@googlegroups.com
Threads such as this on Stack Overflow : http://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses
muddles the water further regarding 401 v 403, but I believe in my case I should probably use 401s.
However 403 still seems a common error code to template?
Guillaume Bort
May 3, 2012, 9:57:20 AM5/3/12
to play-fr...@googlegroups.com
Because the framework never render status code other than 404,500 and
400 itself. So there is no need to offer a way to customize something
that is never generated by the framework.
> --
> You received this message because you are subscribed to the Google Groups
> "play-framework" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/play-framework/-/VZOzhJAVre4J.
>
> To post to this group, send email to play-fr...@googlegroups.com.
> To unsubscribe from this group, send email to
> play-framewor...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/play-framework?hl=en.
--
Guillaume Bort
400 itself. So there is no need to offer a way to customize something
that is never generated by the framework.
> You received this message because you are subscribed to the Google Groups
> "play-framework" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/play-framework/-/VZOzhJAVre4J.
>
> To post to this group, send email to play-fr...@googlegroups.com.
> To unsubscribe from this group, send email to
> play-framewor...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/play-framework?hl=en.
--
Guillaume Bort
flurdy
May 3, 2012, 10:25:12 AM5/3/12
to play-fr...@googlegroups.com
Ok.
On Thursday, May 3, 2012 3:57:20 PM UTC+2, Guillaume Bort wrote:
For posterity my solution was to use the Unauthorized response code for pages that the current logged in user does not have access to:
Unauthorized(views.html.unauthorised).flashing("message"->"blah private blah")
On Thursday, May 3, 2012 3:57:20 PM UTC+2, Guillaume Bort wrote:
Because the framework never render status code other than 404,500 and
400 itself. So there is no need to offer a way to customize something
that is never generated by the framework.
On Thu, May 3, 2012 at 2:00 PM, flurdy wrote:
> Threads such as this on Stack Overflow
> : http://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses
> muddles the water further regarding 401 v 403, but I believe in my case I
> should probably use 401s.
>
> However 403 still seems a common error code to template?
>
>
>
> On Thursday, May 3, 2012 1:53:50 PM UTC+2, flurdy wrote:
>>
>>
>> Is there a particular reason for why 403 Forbidden Http handlers and
>> template can not be "easily" customised by the framework?
>>
>> I realise Play is unlikely to have easy-to-override handlers for all
>> possible http error codes via the GloablSettings trait, but I would have
>> thought 403 was as common as 500, 404 and 401 that do have overridable
>> handlers.
>>
>> I was thinking of forking and adding my own method to GlobalSettings and a
>> defaultpages template, but I was wondering if there was a particular reason
>> for 403 not being already there?
>>
>> is it not a recommended error code?
>> Is 401 a more suitable error code for users authenticated but not
>> authorised for a particular page?
>> or should it be handled by the browser not via template?
>>
> --
--
Guillaume Bort
Julien Richard-Foy
Jan 7, 2013, 7:26:50 AM1/7/13
to play-fr...@googlegroups.com
It is used as a default value by the Security helper module: https://github.com/playframework/Play20/blob/master/framework/src/play/src/main/scala/play/api/mvc/Security.scala#L91
On Mon, Jan 7, 2013 at 11:49 AM, monzonj <mon...@gmail.com> wrote:
Guillaume, if the framework never generastes a 403, why does this exist?
On Thursday, May 3, 2012 3:57:20 PM UTC+2, Guillaume Bort wrote:
--
William Beh
Jun 17, 2013, 3:48:25 AM6/17/13
to play-fr...@googlegroups.com
Hi Flurdy, I'm facing the same issue, could you please elaborate a bit on how you implement
Unauthorized(views.html.unauthorised).flashing("message"->"blah private blah")
Not too clear on the Unauthorizes(...) part.
Thanks
Reply all
Reply to author
Forward
0 new messages