Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 5428:fcecb9c6a057
Fixed "satisfy any" if 403 is returned after 401 (ticket #285).
The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the
latter should be returned with the WWW-Authenticate header to request
authentication by a client.
The problem could be triggered with 3rd party modules and the "deny"
directive, or with auth_basic and auth_request which returns 403
(in 1.5.4+).
Patch by Jan Marc Hoffmann.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 18 Oct 2013 18:13:49 +0400 |
| parents | fbaae7d1c033 |
| children | 8f2c69418045 |
comparison
equal
deleted
inserted
replaced
| 5427:7ed23dcfea3d | 5428:fcecb9c6a057 |
|---|---|
| 1142 r->phase_handler = ph->next; | 1142 r->phase_handler = ph->next; |
| 1143 return NGX_AGAIN; | 1143 return NGX_AGAIN; |
| 1144 } | 1144 } |
| 1145 | 1145 |
| 1146 if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED) { | 1146 if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED) { |
| 1147 r->access_code = rc; | 1147 if (r->access_code != NGX_HTTP_UNAUTHORIZED) { |
| 1148 r->access_code = rc; | |
| 1149 } | |
| 1148 | 1150 |
| 1149 r->phase_handler++; | 1151 r->phase_handler++; |
| 1150 return NGX_AGAIN; | 1152 return NGX_AGAIN; |
| 1151 } | 1153 } |
| 1152 } | 1154 } |