Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 5428:fcecb9c6a057
Fixed "satisfy any" if 403 is returned after 401 (ticket #285).
The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the
latter should be returned with the WWW-Authenticate header to request
authentication by a client.
The problem could be triggered with 3rd party modules and the "deny"
directive, or with auth_basic and auth_request which returns 403
(in 1.5.4+).
Patch by Jan Marc Hoffmann.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 18 Oct 2013 18:13:49 +0400 |
parents | fbaae7d1c033 |
children | 8f2c69418045 |
comparison
equal
deleted
inserted
replaced
5427:7ed23dcfea3d | 5428:fcecb9c6a057 |
---|---|
1142 r->phase_handler = ph->next; | 1142 r->phase_handler = ph->next; |
1143 return NGX_AGAIN; | 1143 return NGX_AGAIN; |
1144 } | 1144 } |
1145 | 1145 |
1146 if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED) { | 1146 if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED) { |
1147 r->access_code = rc; | 1147 if (r->access_code != NGX_HTTP_UNAUTHORIZED) { |
1148 r->access_code = rc; | |
1149 } | |
1148 | 1150 |
1149 r->phase_handler++; | 1151 r->phase_handler++; |
1150 return NGX_AGAIN; | 1152 return NGX_AGAIN; |
1151 } | 1153 } |
1152 } | 1154 } |