PHP Send 403 failing?

  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

I'm trying to send a 403 to a browser, which I never really do much, let alone test, but...

PHP Code: [ Select ]
<?php
header('HTTP/1.1 403 Forbidden');
?>
  1. <?php
  2. header('HTTP/1.1 403 Forbidden');
  3. ?>


Just results in a white page? I was expecting a pretty black and white message. I tried on both FireFox and Chrome and see a WSOD. I read that it just normally does that. Is there anyway for it to not? Instead I had to send it a spoofed apache version of a 403 HTML document. But is that reasonable?

This is what I get if I just try to send a 403 header alone. I tried to set cache & expiration headers, but still nothing.
Apache wrote:
HTTP/1.1 403 Forbidden
Date: Tue, 31 Aug 2010 13:04:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html


Am I even doing anything wrong? It'd be nice if browsers these days showed raw HTTP errors from Apache.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13504
  • Loc: Florida

Post 3+ Months Ago

I'm not sure browsers have a default 403 page. :scratchhead:

I send my own 1-2 word message after the header, and include a message in the ErrorDocument line for Apache when it's done there.

I don't think I send 403 responses from scripts, I reserve those for things like directory listings. I send 401 Unauthorized responses from scripts.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

I guess this thread is kind of pointless, but after what I've seen, I wonder why browsers like Chrome or FireFox just show whitespace instead of something when someone throws out a 404 or a 403, etc...

Amazingly IE does it, I can't say too many good things about that browser though.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13504
  • Loc: Florida

Post 3+ Months Ago

I wonder what would happen if you shaved off as many of the headers as you can. Perhaps the mere presence of that Content-Length header is triggering a "has_own_message" under the browser hood. If I remember right, IE will ignore messages for say, a 404 status if it deems them too short. (512 bytes I believe)

Post Information

  • Total Posts in this topic: 4 posts
  • Users browsing this forum: No registered users and 51 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.