Why does DRF return 403 Forbidden instead of 401 Unauthorized when a user is authenticated but lacks permission?

Difficulty: hard · Conceptual · Q10 of 15
Topic: Django - DRF Advanced Features
A. 401 is only for admin users
B. 401 means unauthenticated; 403 means authenticated but forbidden
C. 403 is returned for all errors in DRF
D. 403 means the user is anonymous
Step-by-Step Solution
  1. Step 1: Understand what the HTTP status codes mean
     401 Unauthorized means the user is not authenticated. 403 Forbidden means the user is authenticated but not allowed to perform the action.
  2. Step 2: Match DRF behavior to the codes
     DRF returns 403 when a permission check denies access even though the request is authenticated.
  3. Final Answer:
     401 means unauthenticated; 403 means authenticated but forbidden -> Option B
  4. Quick Check:
     Authenticated but no permission = 403 Forbidden [OK]
Quick Trick: 401 = unauthenticated, 403 = authenticated but denied [OK]
Common Mistakes:
  • Confusing the meanings of 401 and 403
  • Assuming 403 is for anonymous users
  • Thinking 401 applies to all errors
