What is the best HTTP status code for blocked user profile in rails api?
Question
I wrote an API for social app in Rails. This app likes Facebook, users can block other users. If user A block user B, user B can't view profile page of user A. So what is the best HTTP code status I should return: 404, 403, 204 or 200(render nothing) ?
2 answers
solution1
6 ACCPTED 2016-12-26 14:44:28
I much prefer to use 403 Forbidden
The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).
If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.
An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).
solution2
0 2016-12-26 17:16:57
A best practice for this is 403 , however doing so will expose the fact that user has been blocked. If you don't want that, you can return 404 . Github, as an example, for unauthorized access to private repos always returns 404 .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.