yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1153082] Re: status 403 Not Authorized is not valid

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 29 May 2013 08:47:21 -0000
Reply-to: Bug 1153082 <1153082@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => havana-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1153082

Title:
  status 403 Not Authorized is not valid

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  Keystone responds to some requests with a status line of 403 Not
  Authorized.  This is not valid HTTP. The status text for 403 should be
  Forbidden, see http://tools.ietf.org/html/rfc2616#section-10.4.4

  Here's an example:

   $ curl -i  -H "X-Auth-Token: $DEMO_TOKEN"  http://localhost:5000/v3/projects ; echo
   HTTP/1.1 403 Not Authorized
   Vary: X-Auth-Token
   Content-Type: application/json
   Content-Length: 144
   Date: Sat, 09 Mar 2013 23:12:28 GMT

   {"error": {"message": "You are not authorized to perform the
  requested action: identity:list_projects", "code": 403, "title": "Not
  Authorized"}}

  This should be:

  $ curl -i  -H "X-Auth-Token: $DEMO_TOKEN"  http://localhost:5000/v3/projects ; echo
  HTTP/1.1 403 Forbidden
  Vary: X-Auth-Token
  Content-Type: application/json
  Content-Length: 144
  Date: Sat, 09 Mar 2013 23:12:28 GMT

  {"error": {"message": "You are not authorized to perform the requested
  action: identity:list_projects", "code": 403, "title": "Forbidden"}}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1153082/+subscriptions