diff options
author | Maxim Dounin <mdounin@mdounin.ru> | 2013-10-18 18:13:49 +0400 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2013-10-18 18:13:49 +0400 |
commit | a6b7cfe967674267bafb5ed28152a8ad42992cc1 (patch) | |
tree | 0862200eafffbd23ced7335ecb53a363e65079ee /src/http/modules/ngx_http_auth_basic_module.c | |
parent | 6291a299925e2de2fc7c8793423d62b029ffab92 (diff) | |
download | nginx-a6b7cfe967674267bafb5ed28152a8ad42992cc1.tar.gz nginx-a6b7cfe967674267bafb5ed28152a8ad42992cc1.zip |
Fixed "satisfy any" if 403 is returned after 401 (ticket #285).
The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the
latter should be returned with the WWW-Authenticate header to request
authentication by a client.
The problem could be triggered with 3rd party modules and the "deny"
directive, or with auth_basic and auth_request which returns 403
(in 1.5.4+).
Patch by Jan Marc Hoffmann.
Diffstat (limited to 'src/http/modules/ngx_http_auth_basic_module.c')
0 files changed, 0 insertions, 0 deletions