The 403 error is an error that occurs if a user tries to access a restricted page that they do not have the required permissions to access.

On Scratch, the 403 error is indicated to a user in four different ways:

Oh noes!

The "Oh noes!" type 403 error

In the case of the 403 page at scratch.mit.edu/403, the error is announced by a page with the title, “403. Oh noes! Our server is Scratch'ing its head,” which explains the cause for a 403 error, and shows a large, de-saturated image of Scratch Cat. It has not been updated with an image of one of Gobo's Friends, unlike the pages that announce other errors (such as 404 and 500). While this page could be accessed when accessing the backpack[1], it is rarely encountered because in most cases of 403 error, one of the other pages is used.[2][3] Nevertheless, it is indeed used, for example, accessing scratch.mit.edu/educators/classes without a teacher account causes the 403 page to be returned. Many people in the Scratch Discussion Forums have shown support for new art on the page.[4]

Access Denied

An example of the Access Denied style of 403 error

Sometimes, like in the case of the 403 error at scratch.mit.edu/images/, Scratch signals a 403 error very plainly, with a small page titled "403 Forbidden" with the message "Access Denied" on it. This page also features two long strings of disorderly alpha-numeric characters, which change each time the page is visited. This page does not have either version of Scratch's Navigation Bar at the top. One type of place where this 403 page is often found is at URLs formed by joining a valid Scratch page address with some string. For example, when the address scratch.mit.edu/ideas/ is joined with any string, the resulting URLs (like scratch.mit.edu/ideas/weekend) return the "Access Denied" 403 page.

Request aborted

A 'request aborted' 403 error on Scratch

When Scratch's servers get confused about the identity of a user, they might send a 403 error with another type of page. This sort of error page is titled "Forbidden (403)" and contains the message, “CSRF verification failed. Request aborted.” The background of this page is a combination of a light gray and a bright yellow, and always uses sans-serif font, and the Navigation Bar is missing on this type of page as well. This page can appear after there is an error trying to log in, or if a Scratcher's cookies change while they are trying to make a Forum post.

This error comes from the Python web framework Django,[5] which is used in the Discussion Forums and pages that use a Scratch-2.0 style.

Browser Default

The default 403 error page on Google Chrome

The majority of the times Scratch sends a 403 error, the Scratcher who tried to view the forbidden page will not receive any document from Scratch's servers. Instead, their Internet browser will fail to load the page, and will usually show a default error page which that browser uses for all such errors on all websites. This type of 403 error is found when restricted Forums, Topics and Posts are requested.

See Also

References

  1. scratch:internalapi/backpack/kaj/get/: attempting to see the contents of kaj's (or anyone's) backpack used to create the "Oh noes!" 403 page, but now it creates the 500 Error page.
  2. scratch:discuss/2/, the moderators-only Dustbin forum, shows a browser error
  3. scratch:static/: shows an Access Denied error, as well as scratch:secret/
  4. "New art for 403" topic:312502
  5. https://github.com/django/django/blob/1024b5e74a7166313ad4e4975a15e90dccd3ec5f/django/views/csrf.py#L111
Cookies help us deliver our services. By using our services, you agree to our use of cookies.