I’ve been looking for but didn’t find a definitive answer to the following question

Question

0

Editorial Team

Asked: May 29, 20262026-05-29T06:36:03+00:00 2026-05-29T06:36:03+00:00

I’ve been looking for but didn’t find a definitive answer to the following question

0

I’ve been looking for but didn’t find a definitive answer to the following question :

Which would be the correct HTTP status code to send to reject a cross-domain connection attempt?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-29T06:36:04+00:00

I would use the 403 Forbidden, with a correct error message. Because as the RFC says:

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’ve been looking for but didn’t find a definitive answer to the following question

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply