Unauthorized User returns 401 instead of 403

Description

In the REST service, whether authentication fails or authorization fails, the same error is raised via raise_unauthorized_user_error of the manager_rest.app_logging package. This aborts the request with a 401 status code, which is indeed Unauthorized; however, this causes the browser to prompt for login details.

This is an appropriate response for an unauthenticated request, but not truly for an unauthorized request, in which case the REST service should be returning 403 Forbidden (HTTP status code names are a bit messed up in this instance).

Status

Assignee

Omer Duskin

Reporter

Anika Lindemann

Labels

None

Severity

None

Bug Type

None

Target Version

None

Fix versions

Affects versions

4.1.1
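
The 401/403 split described in this issue, as an added standalone example (not the project's code): a failed authentication returns 401 with a WWW-Authenticate challenge, while an authenticated user without the required role gets 403 and no challenge. The user table, role names, realm string and all function names are assumptions made for the illustration.

```python
import base64
import binascii
import hmac

# Constructed sample data (plain-text passwords only to keep the sample short).
USERS = {
    "admin": ("admin-pass", {"admin", "viewer"}),
    "viewer": ("viewer-pass", {"viewer"}),
}

def parse_basic(header):
    """Return (user, password) from a Basic Authorization header, or None."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:].strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def authenticate(header):
    """Return the user name if the credentials are valid, else None."""
    creds = parse_basic(header)
    if creds is None:
        return None
    user, password = creds
    expected, _ = USERS.get(user, ("", set()))
    # Constant-time comparison; unknown users compare against an empty string.
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return user if ok and user in USERS else None

def check_request(header, required_role):
    """Return (status, headers) for a request to a role-protected resource."""
    user = authenticate(header)
    if user is None:
        # Authentication failed: 401 plus a challenge, so the client re-prompts.
        return 401, {"WWW-Authenticate": 'Basic realm="rest-service"'}
    if required_role not in USERS[user][1]:
        # Identity is known but lacks permission: 403, no challenge, no prompt.
        return 403, {}
    return 200, {}

def basic(user, password):
    """Build a Basic Authorization header value for the samples."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```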