: 403 or 503 for the page needed to be reviewed by administrator before published? There are some user generated pages on my site. And those pages must be reviewed by the site administrator before

@Jessie594

A good response might be HTTP 401 Not Authorized, as I presume that the site admin has the right credentials to view the page whilst no-one else has.


The request requires user authentication. The response MUST include a
WWW-Authenticate header field (section 14.47) containing a challenge
applicable to the requested resource. The client MAY repeat the
request with a suitable Authorization header field (section 14.8). If
the request already included Authorization credentials, then the 401
response indicates that authorization has been refused for those
credentials. If the 401 response contains the same challenge as the
prior response, and the user agent has already attempted
authentication at least once, then the user SHOULD be presented the
entity that was given in the response, since that entity might include
relevant diagnostic information. HTTP access authentication is
explained in "HTTP Authentication: Basic and Digest Access
Authentication" [43].


That said, another way of dealing with this is : Instead of making the pages unpublished upon changes within the content you could hide the edits within your system until review, so users can still see the unedited pages whilst awaiting review and the pages with full changes upon review. This will save having pages unpublished for weeks at a time when the unedited version could still be useful for viewers.

Vote Up Vote Down

@Yeniel560

The 503 message is only meant for server problems. From the official document:


10.5.4 503 Service Unavailable

The server is currently unable to handle the request due to a
temporary overloading or maintenance of the server.


So 503 would be totally wrong.

The 403 is only partly correct as per definition the requests should not be repeated.


10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated.

If the server does not wish to make the reason for the refusal
available to the client, the status code 404 (Not Found) can be used
instead.


So if you want to make only a small change then better use 404 instead.

But the best solution would be if you would rewrite it more and set a 307 header:


10.3.8 307 Temporary Redirect

The requested resource resides temporarily under a different URI.
Since the redirection MAY be altered on occasion, the client SHOULD
continue to use the Request-URI for future requests. This response is
only cacheable if indicated by a Cache-Control or Expires header
field.


The client would then be temporary redirected to a different page where he/she gets a message that the page is under review. And once it is reviewed the normal page will be given back again.

Instead of 307 you can use 302 for this too.

For more information regarding the status code see the official documentation.

Vote Up Vote Down

@Turnbaugh106

Consider 404.

There's no really right or wrong to your question since both error types you have listed with do the job but ideally if you want things operating the correct way then ideally your CMS should be not publishing the articles at all until you review the articles and click publish.... So the right message should be a simple '404' since the article does not exist on the URL until you have published it.

A 404 indicates that the page does not exist and technically pages that are not live should not exist since you may want the URL changed, or you might not even make the page go live, keeping your page profile clean.

Vote Up Vote Down