Reputation: 24224
What is the appropriate HTTP status code for a password protected page?
What is the appropriate HTTP status code for a password protected page?
If /some-page.html is protected, the login form is presented on that URL; it doesn't redirect to a dedicated login page.
I was thinking 401 would be suitable, but the RFC states:
The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource.
Upvotes: 2
Views: 735
Answers (1)
Reputation: 4583
The HTTP 401 response code makes sense if you're relying on the HTTP protocol to handle your authentication. In you case, you're not. You're relying on data submitted in your HTML page.
In your case, HTTP has done it's job: it's delivered data (the HTML page and form) to the client successfully and a 200 response code is appropriate in this case.
Upvotes: 2
Related Questions
- What HTTP code should I use for a third party authentication failure?
- What is correct HTTP status code when redirecting to a login page?
- Which HTTP status code is appropriate for this situation?
- What WWW-Authenticate header should a http server return in a 401 response when using form-based authentication?
- What HTTP status code return when user needs to be UNAUTHORIZED to access page
- Correct HTTP status code for login form?
- Friendly HTTP 401 Status Code Message?
- HTTP 401 - what's an appropriate WWW-Authenticate header value?
- Alternative to HTTP Status Code 401?
- REST http status code for content that needs authentication?