What is the appropriate HTTP status code for a password protected page?

1
votes

What is the appropriate HTTP status code for a password protected page?

If /some-page.html is protected, the login form is presented on that URL; it doesn't redirect to a dedicated login page.

I was thinking 401 would be suitable, but the RFC states:

The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource.

1
authenticationloginhttp-headershttpresponse

1 Answers

2
votes

The HTTP 401 response code makes sense if you're relying on the HTTP protocol to handle your authentication. In you case, you're not. You're relying on data submitted in your HTML page.

In your case, HTTP has done it's job: it's delivered data (the HTML page and form) to the client successfully and a 200 response code is appropriate in this case.