Changeset
11853:ae5ac9830add
mod_http_file_share: return 401 instead of 403 if authentication failed
This is as per the HTTP standards [1]. Thankfully, the REQUIRED
www-authenticate header is already generated by the code.
[1]: https://datatracker.ietf.org/doc/html/rfc7235#section-3.1
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Tue, 19 Oct 2021 16:37:32 +0200 |
parents | 11852:71266f43699d |
children | 11854:b605cbd5f13b |
files | plugins/mod_http_file_share.lua |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) |
--- a/plugins/mod_http_file_share.lua Sun Oct 17 17:07:29 2021 +0200 +++ b/plugins/mod_http_file_share.lua Tue Oct 19 16:37:32 2021 +0200 @@ -249,7 +249,7 @@ if not authz then module:log("debug", "Missing or malformed Authorization header"); event.response.headers.www_authenticate = "Bearer"; - return 403; + return 401; end local authed, upload_info = jwt.verify(secret, authz); if not (authed and type(upload_info) == "table" and type(upload_info.exp) == "number") then
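Review bot: only the `if not authz` branch (missing or malformed Authorization header) changes from 403 to 401, while the commit summary says "if authentication failed" in general. The `jwt.verify` check that follows in the context lines also rejects requests on failed authentication, and its return value is not visible in this hunk. If that branch still returns 403 for a token that fails verification, consider returning 401 there as well and setting `www_authenticate` on that path too, or narrow the commit message to the missing-header case. A test that asserts both the 401 status and the presence of the WWW-Authenticate header for a request without Authorization would keep the two from drifting apart.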