Replies: 1 comment
-
|
It would be nice to be able to return any status code, seems like a basic function for any web server :) |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Goals
It would be nice if there was a simple way to return a 403 on a forbidden route, like notFound() + not-found.jsx handles 404s.
Background
403 is a status code that signals that the client isn't authorized to access a resource. Without support, Next apps are limited in how they can respond to this condition.
There is some precedent for treating 403s as 404s, but this might not be right approach for every situation. Indeed, there are situations where ambiguity between these two states are inevitable: e.g. if you have a resource at /[id]/privileged, calling notFound() where the id is not found and where the client is forbidden restricts the app from giving the client a clear reason as to why they can't access the resource.
Proposal
A 403 version of Next's 404 support: a forbidden() function (like notFound()) and a forbidden.jsx file (like not-found.jsx).
Thinking about it more, clients can be forbidden for different reasons: attempting to access registered user resources as a guest user, accessing a blocking user's profile, editing someone else's profile, etc. In light of this, I think it would be also useful to be able to pass a reason param to forbidden() to pass on to forbidden.jsx props.
Beta Was this translation helpful? Give feedback.
All reactions