Before FastAPI version `0.122.0`, when the integrated security utilities returned an error to the client after a failed authentication, they used the HTTP status code `403 Forbidden`.

# 이전 403 인증 오류 상태 코드 사용하기 { #use-old-403-authentication-error-status-codes }

FastAPI 버전 `0.122.0` 이전에는, 통합 보안 유틸리티가 인증 실패 후 클라이언트에 오류를 반환할 때 HTTP 상태 코드 `403 Forbidden`을 사용했습니다.

FastAPI 버전 `0.122.0`부터는 더 적절한 HTTP 상태 코드 `401 Unauthorized`를 사용하며, HTTP 명세인 [RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235#section-3.1), [RFC 9110](https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized)를 따라 응답에 합리적인 `WWW-Authenticate` 헤더를 반환합니다.

# 使用舊的 403 身分驗證錯誤狀態碼 { #use-old-403-authentication-error-status-codes }

在 FastAPI 版本 `0.122.0` 之前，當內建的安全工具在身分驗證失敗後回傳錯誤給用戶端時，會使用 HTTP 狀態碼 `403 Forbidden`。

從 FastAPI 版本 `0.122.0` 起，改為使用更合適的 HTTP 狀態碼 `401 Unauthorized`，並在回應中依據 HTTP 規範加上合理的 `WWW-Authenticate` 標頭，參考 [RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235#section-3.1)、[RFC 9110](https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized)。

# 古い 403 認証エラーのステータスコードを使う { #use-old-403-authentication-error-status-codes }

FastAPI バージョン `0.122.0` より前は、統合されたセキュリティユーティリティが認証に失敗してクライアントへエラーを返す際、HTTP ステータスコード `403 Forbidden` を使用していました。

FastAPI バージョン `0.122.0` 以降では、より適切な HTTP ステータスコード `401 Unauthorized` を使用し、HTTP 仕様に従ってレスポンスに妥当な `WWW-Authenticate` ヘッダーを含めます。[RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235#section-3.1), [RFC 9110](https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized)。

# 使用旧的 403 认证错误状态码 { #use-old-403-authentication-error-status-codes }

在 FastAPI `0.122.0` 版本之前，当内置的安全工具在认证失败后向客户端返回错误时，会使用 HTTP 状态码 `403 Forbidden`。

从 FastAPI `0.122.0` 版本开始，它们改用更合适的 HTTP 状态码 `401 Unauthorized`，并在响应中返回合理的 `WWW-Authenticate` 头，遵循 HTTP 规范，[RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235#section-3.1)、[RFC 9110](https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized)。

    assertEscaping(xmlEscaper, "\uFFFD", '\uFFFE');
    assertEscaping(xmlEscaper, "\uFFFD", '\uFFFF');

    assertWithMessage("0xFFFE is forbidden and should be replaced during escaping")
        .that(xmlEscaper.escape("[\ufffe]"))
        .isEqualTo("[\uFFFD]");
    assertWithMessage("0xFFFF is forbidden and should be replaced during escaping")
        .that(xmlEscaper.escape("[\uffff]"))
        .isEqualTo("[\uFFFD]");
  }

    <property name="id" value="EmptyJavadoc" />
    <property name="format" value="\/\*[\s\*]*\*\/" />
    <property name="fileExtensions" value="java" />
    <property name="message" value="Empty javadoc comments are forbidden" />
  </module>

  <!--
    We include snippets that are wrapped in `// tag` and `// end` into the
    docs, stripping the leading spaces. If the context is wider than 76

org.eclipse.jdt.core.formatter.tabulation.char=space
org.eclipse.jdt.core.formatter.tabulation.size=4

# Silence warnings about references to jdk internals. We intentionally use some
# and have much tighter control of the warnings in the forbidden APIs gradle
# task which is the definitive list of allowed references.
org.eclipse.jdt.core.compiler.problem.forbiddenReference=ignore

    /**
     * The HTTP status code for Bad Request.
     */
    public static final int BAD_REQUEST_STATUS_CODE = 400;

    /**
     * The HTTP status code for Forbidden.
     */
    public static final int FORBIDDEN_STATUS_CODE = 403;

    /**
     * The HTTP status code for Not Found.
     */
    public static final int NOT_FOUND_STATUS_CODE = 404;

    /**

            sendRateLimitResponse(httpResponse, rateLimitHelper.getRetryAfterSeconds());
            return;
        }

        chain.doFilter(request, response);
    }

    /**
     * Send a 403 Forbidden response for blocked IPs.
     * @param response the HTTP response
     * @throws IOException if an I/O error occurs
     */
    protected void sendBlockedResponse(final HttpServletResponse response) throws IOException {