The 403 error is an error that occurs if a user tries to access a restricted page that they do not have the required permissions to access.
On Scratch, the 403 error is indicated to a user in four different ways:
Oh noes!
In the case of the 403 page at scratch.mit.edu/403, the error is announced by a page with the title, “403. Oh noes! Our server is Scratch'ing its head,” which explains the cause for a 403 error, and shows a large, de-saturated image of Scratch Cat. It has not been updated with an image of one of Gobo's Friends, unlike the pages that announce other errors (such as 404 and 500). This page could be accessed when accessing the backpack[1], and it was rarely encountered because in most cases of 403 error, one of the other pages was used.[2] This changed on the 9th of July 2024, when the forums were updated to use this error page.[3] It is also used in other places, for example, accessing scratch.mit.edu/educators/classes without a teacher account causes the 403 page to be returned. Many people in the Scratch Discussion Forums have shown support for new art on the page.[4]
Access Denied
Sometimes, like in the case of the 403 error at scratch.mit.edu/images/, Scratch signals a 403 error very plainly, with a small page titled "403 Forbidden" with the message "Access Denied" on it. This page also features two long strings of disorderly alpha-numeric characters, which change each time the page is visited. This page does not have either version of Scratch's Navigation Bar at the top. One type of place where this 403 page is often found is at URLs formed by joining a valid Scratch page address with some string. For example, when the address scratch.mit.edu/ideas/ is joined with any string, the resulting URLs (like scratch.mit.edu/ideas/weekend) return the "Access Denied" 403 page.
Request aborted
When Scratch's servers get confused about the identity of a user, they might send a 403 error with another type of page. This sort of error page is titled "Forbidden (403)" and contains the message, “CSRF verification failed. Request aborted.” The background of this page is a combination of a light gray and a bright yellow, and always uses sans-serif font, and the Navigation Bar is missing on this type of page as well. This page can appear after there is an error trying to log in, or if a Scratcher's cookies change while they are trying to make a Forum post.
This error comes from the Python web framework Django,[5] which is used in the Discussion Forums and pages that use a Scratch-2.0 style.
Browser Default
Before the forum update on the 9th of July 2024, the majority of the times Scratch sent a 403 error, the Scratcher who tried to view the forbidden page would not receive any document from Scratch's servers. Instead, their Internet browser would fail to load the page, and would usually show a default error page which that browser uses for all such errors on all websites. This type of 403 error was found when restricted Forums, Topics and Posts are requested. However, after the previously mentioned update, it started showing the "Oh noes!" 403 error, and this error seemed to go unused.
See Also
References
- ↑ scratch:internalapi/backpack/kaj/get/: attempting to see the contents of kaj's (or anyone's) backpack used to create the "Oh noes!" 403 page, but now it creates the 500 Error page.
- ↑ scratch:static/: shows an Access Denied error, as well as scratch:secret/
- ↑ scratch:discuss/2/, the moderators-only Dustbin forum, shows the proper 403 error page
- ↑ "New art for 403" topic:312502
- ↑ https://github.com/django/django/blob/1024b5e74a7166313ad4e4975a15e90dccd3ec5f/django/views/csrf.py#L111