aboutsummaryrefslogtreecommitdiff
path: root/src/http/modules/ngx_http_auth_basic_module.c
diff options
context:
space:
mode:
authorMaxim Dounin <mdounin@mdounin.ru>2013-10-18 18:13:49 +0400
committerMaxim Dounin <mdounin@mdounin.ru>2013-10-18 18:13:49 +0400
commita6b7cfe967674267bafb5ed28152a8ad42992cc1 (patch)
tree0862200eafffbd23ced7335ecb53a363e65079ee /src/http/modules/ngx_http_auth_basic_module.c
parent6291a299925e2de2fc7c8793423d62b029ffab92 (diff)
downloadnginx-a6b7cfe967674267bafb5ed28152a8ad42992cc1.tar.gz
nginx-a6b7cfe967674267bafb5ed28152a8ad42992cc1.zip
Fixed "satisfy any" if 403 is returned after 401 (ticket #285).
The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the latter should be returned with the WWW-Authenticate header to request authentication by a client. The problem could be triggered with 3rd party modules and the "deny" directive, or with auth_basic and auth_request which returns 403 (in 1.5.4+). Patch by Jan Marc Hoffmann.
Diffstat (limited to 'src/http/modules/ngx_http_auth_basic_module.c')
0 files changed, 0 insertions, 0 deletions