Open nbarbettini opened 8 years ago
We return 401 Unauthorized for protected routes (such as /me), and presumably for any routes that are protected by a requireAuthorization helper/filter.
According to RFC 2616,
The [401] response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.
This is likely low-prio/icebox, but I wanted to get it on the radar to discuss.
+1 - we should always adhere to the HTTP spec. FWIW, this is the current spec:
https://tools.ietf.org/html/rfc7235#section-4.1
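An added example, not part of the thread or the project's code: a WSGI middleware that attaches a challenge to any 401 response lacking one, plus a check usable in tests. The `Bearer realm="api"` default, the sample app and all names are assumptions made for illustration.

```python
import re

# RFC 7235 section 2.1: a challenge starts with an auth-scheme, which is an RFC 7230 token.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def has_challenge(headers):
    """True if a WWW-Authenticate header value begins with a valid auth-scheme token."""
    for name, value in headers:
        if name.lower() == "www-authenticate" and _TOKEN.match(value.strip()):
            return True
    return False

class ChallengeOn401:
    """WSGI middleware: add a default challenge to 401 responses that lack one."""
    def __init__(self, app, default_challenge='Bearer realm="api"'):  # placeholder scheme/realm
        self.app = app
        self.default_challenge = default_challenge

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            # The status line is "<code> <reason>"; only 401 requires a challenge.
            if status.split(" ", 1)[0] == "401" and not has_challenge(headers):
                headers = list(headers) + [("WWW-Authenticate", self.default_challenge)]
            return start_response(status, headers, exc_info)
        return self.app(environ, patched)

def sample_app(environ, start_response):
    """Constructed stand-in for a protected route such as /me."""
    if environ.get("HTTP_AUTHORIZATION"):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"profile"]
    # Reproduces the behaviour reported in the issue: 401 with no challenge.
    start_response("401 Unauthorized", [("Content-Type", "text/plain")])
    return [b"unauthorized"]

def call(app, environ):
    """Run a WSGI app once and return (status, headers, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

if __name__ == "__main__":
    print(call(sample_app, {"PATH_INFO": "/me"}))                  # no challenge
    print(call(ChallengeOn401(sample_app), {"PATH_INFO": "/me"}))  # challenge added
```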