Stream: inferno
Topic: AVR Limited scope tests
James Threatte (May 18 2021 at 04:56):
Hello @Robert Scanlon
The AVR restricted access tests in Inferno require a 401 Unauthorized response. Is 403 Forbidden acceptable for AVR-03, AVR-04, AVR-05, AVR-07 through AVR-12 and AVR-14?
Robert Scanlon (May 18 2021 at 13:28):
It should already allow either 401 or 403. Is it failing you if you send a 403 (when the test expects the resource to be denied)? From the AVR tests description:
If the tester chooses to not grant access to a resource, the queries associated with that resource must result in either a 401 (Unauthorized) or 403 (Forbidden) status code.
James Threatte (May 18 2021 at 19:38):
Robert Scanlon said:
It should already allow either 401 or 403. Is it failing you if you send a 403 (when the test expects the resource to be denied)? From the AVR tests description:
If the tester chooses to not grant access to a resource, the queries associated with that resource must result in either a 401 (Unauthorized) or 403 (Forbidden) status code.
Great thank you
Last updated: Apr 12 2022 at 19:14 UTC
