Status Code 401 and 403


Jorge Cardona

Jul 22, 2011, 2:47:13 AM
to django...@googlegroups.com
Hi,

The right responses for 401 and 403 are Unauthorized and Forbidden
(http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html); in Piston,
rc.FORBIDDEN returns a 401 code.

There are three bugs associated with this:

https://bitbucket.org/jespern/django-piston/issue/160/rcforbidden-returns-status-code-401
https://bitbucket.org/jespern/django-piston/issue/149/pistonutilsrccodes-suggestion-on-401-and
https://bitbucket.org/jespern/django-piston/issue/125/http-code-forbidden-and-unauthorized

None of them has had a comment in at least one year.

For compatibility purposes I want to add (in the repo
https://github.com/django-piston/django-piston-oauth2) a
DeprecationWarning in order to change all the rc.FORBIDDEN to
rc.UNAUTHORIZED, and a PendingDeprecationWarning to add an rc.FORBIDDEN
with status code 403. So the migration will be just to change the
current FORBIDDEN to UNAUTHORIZED, and then add the correct
rc.FORBIDDEN where it is needed.

Tell me what you think.

Bye

--
Jorge Eduardo Cardona
jorgee...@gmail.com
jorgeecardona.blogspot.com
github.com/jorgeecardona
------------------------------------------------
Linux registered user  #391186
Registered machine    #291871
------------------------------------------------
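
A sketch of the compatibility shim proposed in the message above, as an added example that is not code from this thread or from django-piston. `CompatRC`, `legacy_forbidden`, `deny` and the stand-in `Response` class are hypothetical names, and the two-stage switch is one reading of the proposal.

```python
import warnings


class Response:
    """Stand-in for django.http.HttpResponse so the example runs without Django."""

    def __init__(self, content, status):
        self.content = content
        self.status_code = status


class CompatRC:
    """Hypothetical replacement for piston's rc object (names are assumptions)."""

    def __init__(self, legacy_forbidden=True):
        # True: rc.FORBIDDEN keeps the old 401 behaviour but warns.
        # False: rc.FORBIDDEN returns 403.
        self.legacy_forbidden = legacy_forbidden

    @property
    def UNAUTHORIZED(self):
        # 401: the request carried no valid credentials.
        return Response("Unauthorized", 401)

    @property
    def FORBIDDEN(self):
        if self.legacy_forbidden:
            warnings.warn(
                "rc.FORBIDDEN currently returns 401; use rc.UNAUTHORIZED. "
                "rc.FORBIDDEN will return 403 in a later release.",
                DeprecationWarning,
                stacklevel=2,
            )
            return Response("Forbidden", 401)
        # 403: the caller is known but not allowed to do this.
        return Response("Forbidden", 403)


def deny(rc, authenticated):
    """Pick the denial response once FORBIDDEN means 403."""
    return rc.FORBIDDEN if authenticated else rc.UNAUTHORIZED


def legacy_call_warns():
    """Return (status, warning categories) for an unmigrated rc.FORBIDDEN call."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        status = CompatRC(legacy_forbidden=True).FORBIDDEN.status_code
    return status, [w.category for w in caught]
```

Running a handler test suite with `python -W error::DeprecationWarning` turns every remaining legacy `rc.FORBIDDEN` call into a failure, which makes the unmigrated call sites easy to find.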

Michael Blume

Jul 22, 2011, 3:22:45 AM
to django...@googlegroups.com

+1. I've mostly been using the django responses for just this reason.


umb...@gmail.com

Jul 22, 2011, 7:09:22 AM
to django...@googlegroups.com, django...@googlegroups.com
+1

Jorge Cardona

Jul 22, 2011, 6:52:24 PM
to django...@googlegroups.com
I was thinking of a different option: we can add an rc factory to the
handler in order to do this:

return self.rc('DELETED', content='Some information about the object')
return self.rc('CREATED', object)

or

return self.DELETED
return self.CREATED
return self.CREATED(object)

in the handler's methods create, read, update, delete.

What I want is to be able to add some content to the response, use the
correct status codes, create some shortcuts for it and use the current
emitter in piston.

What do you think?
