swsnu / swppfall2021

Learning Software Engineering By Building Web Services

[HW4] Error priority regarding CSRF Tokens #131

Open Junetrbl opened 3 years ago

Junetrbl commented 3 years ago

Hello. I have a question about the error priority.

In README.md

The priority between error status codes is 405 > 401 > 404 > 403

For all PUT and DELETE requests from non-author, response with 403 (and any information must not be modified).

403 (Forbidden) : Request is forbidden. This should be returned if your request tries to modify resources of which you are not the owner.

However, I found that the error code that I receive in the case of sending a request with an invalid CSRF Token is 403, too. In this case, 403 comes before the other error cases. Is that okay? Or, do I have to modify my error handling rules?

Thank you in advance.

ttoru96 commented 3 years ago

It is okay to have 403 come before the other error status codes in such a case.

Junetrbl commented 3 years ago

Thanks a lot!
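The ordering discussed in this thread, as an added example that is not part of the original issue or the course's code: a framework-free sketch of why a CSRF 403 precedes the view's own 405 > 401 > 404 > 403 chain. It assumes the CSRF check runs as middleware ahead of the view (as Django's CsrfViewMiddleware does) and uses a simplified cookie/header token comparison; `Request`, `ARTICLES`, `article_view`, `csrf_middleware` and `handle` are hypothetical names.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data: article id -> author (hypothetical resource store).
ARTICLES = {1: "alice"}
ALLOWED_METHODS = {"GET", "PUT", "DELETE"}          # methods this endpoint accepts
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # methods that need a CSRF token

@dataclass
class Request:
    method: str
    article_id: int
    user: Optional[str] = None         # None means not authenticated
    csrf_cookie: Optional[str] = None  # token held in the cookie
    csrf_header: Optional[str] = None  # token echoed back by the client

def article_view(req: Request) -> int:
    """View-level checks in the README priority: 405 > 401 > 404 > 403."""
    if req.method not in ALLOWED_METHODS:
        return 405
    if req.user is None:
        return 401
    if req.article_id not in ARTICLES:
        return 404
    if req.method in ("PUT", "DELETE") and ARTICLES[req.article_id] != req.user:
        return 403  # authenticated, resource exists, but caller is not the author
    return 200

def csrf_middleware(req: Request, view: Callable[[Request], int]) -> int:
    """Runs before the view, so a rejected request never reaches the priority chain."""
    if req.method in UNSAFE_METHODS:
        ok = (
            bool(req.csrf_cookie)
            and bool(req.csrf_header)
            and hmac.compare_digest(req.csrf_cookie, req.csrf_header)  # constant-time
        )
        if not ok:
            return 403  # CSRF rejection, unrelated to ownership
    return view(req)

def handle(req: Request) -> int:
    """Full request path: CSRF middleware first, then the view."""
    return csrf_middleware(req, article_view)
```

When testing the 405/401/404 cases for unsafe methods, send a valid token so the request actually reaches the view; otherwise every case collapses to the middleware's 403.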