tags:

views:

237

answers:

3
+1  Q: 

Browser behavior on 403 Forbidden error

My server returns a 403 forbidden error when a user tries to access a resource that they do not have access to. Along with the header the server also writes a small message describing the error.

In Firefox the error message gets displayed nicely and the user knows what's going on.

In Internet Explorer the message is hidden and replaced with the 403 Forbidden standard error page.

Are there any specific rules that allow me to display an error message across all browsers while still setting the status to 403 Forbidden?

Here is the RFC info on this status:

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

It seems like I should be setting a message but IE just won't display it.

A: 

The implementation of error handling is browser dependent. In HTTP if you are just going to return a 403 error then you have to rely on the user agent (the technical name for the browser, the recipient of your error message may not be a browser) to handle out how it sees fit.

If you don't like how the browsers are handling 403 errors and want to ensure a consistent user experience across all browsers then redirect the user to your own 'permission denied' page. You can build a page that can explain to them why permission was denied and what they might be able to do about it. And it will be consistent for any browser.

james  2009-11-04 16:19:53
+1  A: 

Try making your 403 page larger (i.e. more bytes). Some browsers assume that a short error page is the default page from the web server and decide to show their own, presumably more helpful text.

More info.

Jeremy Stein  2009-11-04 21:46:52
Thanks, this is correct! I eventually figured this out myself last night. I just added an extra long comment to the end of the body. Sometimes IE makes me mad.
Peter D  2009-11-05 12:53:04
A: 

to fix, see this topic.. put it on google traductor and enjoy: http://lucasmsantini.blogspot.com/2010/09/iis-7-e-o-http-error-40314.html

 2010-09-30 03:52:48

related questions

Make Browser Window Blink in Task Bar
Large File Download
Browser's Default CSS
Disable browser 'Save Password' functionality
What's the simplest way to decremement a date in Javascript by 1 day?
Browser scrollbar
Limitations of screen readers.
Version detection with Silverlight
Best way to fix CSS/JS drop-down problem in IE7 when page includes Google Map
Recommendations for browser add-on tools to help with development
Hyperlinks displaced on IE7
Building Standalone Applications in JavaScript
HTML differences between browsers
Browser Sync accross many machines
Getting selected text in a browser, cross-platform.
How to get PNG transparency working in browsers that don't natively support it?
Best WYSIWYG CSS editor?
Javascript events
Preferred way to use favicons?
IE6: To support or not to support.
Getting the text from a drop-down box
Other browsers
Drag and Drop to a hosted Browser control
How can I tell if a web client is blocking ads?
How can I determine a web user's time zone?