mod_http_file_share: return 401 instead of 403 if authentication failed
author Jonas Schäfer <jonas@wielicki.name>
Tue, 19 Oct 2021 16:37:32 +0200
changeset 11857 ae5ac9830add
parent 11856 71266f43699d
child 11858 b605cbd5f13b
mod_http_file_share: return 401 instead of 403 if authentication failed

This is as per the HTTP standards [1]. Thankfully, the REQUIRED www-authenticate header is already generated by the code.

[1]: https://datatracker.ietf.org/doc/html/rfc7235#section-3.1
plugins/mod_http_file_share.lua
--- a/plugins/mod_http_file_share.lua	Sun Oct 17 17:07:29 2021 +0200
+++ b/plugins/mod_http_file_share.lua	Tue Oct 19 16:37:32 2021 +0200
@@ -249,7 +249,7 @@
 	if not authz then
 		module:log("debug", "Missing or malformed Authorization header");
 		event.response.headers.www_authenticate = "Bearer";
-		return 403;
+		return 401;
 	end
 	local authed, upload_info = jwt.verify(secret, authz);
 	if not (authed and type(upload_info) == "table" and type(upload_info.exp) == "number") then
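Review bot: the switch to 401 in the `if not authz then` branch only covers a missing or malformed Authorization header. The `jwt.verify(secret, authz)` failure check in the trailing context is also an authentication failure, and its return value is not visible in this hunk. Worth confirming that branch returns 401 as well and sets `event.response.headers.www_authenticate`, since a 401 without the challenge header would go against the RFC 7235 section the commit message cites. A test asserting both the status code and the header for a request with no Authorization header would pin this behaviour.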