響應狀態(tài)碼403

We've covered the 403 (Forbidden) HTTP Error code in some detail before, but it also has a near identical sibling.

前面我們已經詳細介紹了403(禁止)HTTP錯誤代碼，但是它也有幾乎相同的兄弟。

So what exactly is the difference between the 401 (Unauthorized) and 403 (Forbidden) status codes? Surely they mean the same thing? Let's take a closer look!

那么401(未經授權)和403(禁止)狀態(tài)代碼之間到底有什么區(qū)別？ 他們肯定是同一回事嗎？ 讓我們仔細看看！

RFC標準 (RFC Standards)

The most up to date RFC Standard defining 401 (Unauthorized) is RFC 7235

定義401(未經授權)的最新RFC標準是RFC 7235

The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource...The user agent MAY repeat the request with a new or replaced Authorization header field.401(未經授權)狀態(tài)碼表示該請求尚未應用，因為它缺少針對目標資源的有效身份驗證憑據...用戶代理可以使用新的或替換的Authorization標頭字段重復該請求。

Whereas 403 (Forbidden) is most recently defined in RFC 7231

而403(禁止)是RFC 7231中最新定義的

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it...If authentication credentials were provided in the request, the server considers them insufficient to ?grant access.403(禁止)狀態(tài)代碼表示服務器理解了請求但拒絕對其進行授權...如果在請求中提供了身份驗證憑據，則服務器認為它們不足以授予訪問權限。

常見原因 (Common Causes)

As mentioned in the previous article, the 403 error can result when a user has logged in but they don't have sufficient privileges to access the requested resource. For example, a generic user may be attempting to load an 'admin' route.

如前一篇文章所述，當用戶登錄但他們沒有足夠的特權來訪問請求的資源時，可能會導致403錯誤。 例如，一般用戶可能正在嘗試加載“管理員”路由。

The most obvious time you'd encounter a 401 error, on the other hand, is when you have not logged in at all, or have provided the incorrect password.

另一方面，最明顯的時間是您根本沒有登錄或提供了錯誤的密碼時遇到401錯誤。

These are the two most common causes for this pair of errors.

這是這對錯誤的兩個最常見的原因。

不太常見的原因 (Less Common Causes)

There are some instances where it's not quite as straightforward as that, though.

在某些情況下，它并不那么簡單。

403 errors can occur because of restrictions not entirely dependent on the logged in user's credentials.

由于限制不完全取決于登錄用戶的憑據，因此可能會發(fā)生403錯誤。

For example, a server may have locked down particular resources to only allow access from a predefined range of IP addresses, or may utilize geo-blocking. The latter can be potentially circumvented with a VPN.

例如，服務器可能已鎖定特定資源以僅允許來自預定義IP地址范圍的訪問，或者可能利用了地理阻止。 VPN可能會繞過后者。

401 errors can occur even if the user enters the correct credentials. This is rare, and might be something you only really encounter while developing your own authenticated back ends. But if the authorization header is malformed it will return a 401.

即使用戶輸入正確的憑據，也會發(fā)生401錯誤。 這很少見，可能是您在開發(fā)自己的經過身份驗證的后端時真正遇到的問題。 但是，如果授權標頭格式錯誤，則它將返回401。

For example, you might have a JWT (JSON Web Token) you want to include in the request header, which expects the format Authorization: Bearer eyJhbGci......yJV_adQssw5c. If you were to forget the word 'Bearer' before the JWT, you would encounter the 401 error.

例如，您可能想要在請求標頭中包含一個JWT(JSON Web令牌)，該標頭的格式應為Authorization: Bearer eyJhbGci......yJV_adQssw5c 。 如果您在JWT之前忘記了“承載者??”一詞，則會遇到401錯誤。

I have run in to this problem myself when testing APIs under development with Postman and forgetting the correct syntax for auth headers!

在使用Postman測試正在開發(fā)的API時，我自己遇到了這個問題，而忘記了auth標頭的正確語法！

而已 (That's it)

I hope this clears up any confusion surrounding these very similar errors.

我希望這可以消除圍繞這些非常相似的錯誤的混淆。

If you found this helpful, or wish to challenge or extend anything raised here, feel free to contact me on Twitter @JacksonBates.

如果您覺得這有幫助，或者希望挑戰(zhàn)或擴展此處提出的任何內容，請隨時通過Twitter @JacksonBates與我聯(lián)系。

翻譯自: https://www.freecodecamp.org/news/http-401-error-vs-http-403-error-status-code-responses-explained/

響應狀態(tài)碼403

總結

以上是生活随笔為你收集整理的响应状态码403_HTTP 401错误与HTTP 403错误–状态码响应说明的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。