HTTP 401 -> 403

When the client requests a hidden file, we forbid access. 401 is mostly used when a login is required and hasn't been provided. Thus, given we don't offer a login-prompt to access hidden and bogus files but categorically reject them, 403 makes more sense here.
2014-08-11 16:59:27 +02:00 · 2014-08-11 16:59:27 +02:00 · ef51cd3355
commit ef51cd3355
parent 9e2662c5e9
1 changed files with 9 additions and 9 deletions
--- a/quark.c
+++ b/quark.c
@ -25,12 +25,12 @@ char *argv0;
 #define MAXBUFLEN  1024
 #define MIN(x,y)   ((x) < (y) ? (x) : (y))

-#define HttpOk           "200 OK"
-#define HttpMoved        "301 Moved Permanently"
-#define HttpNotModified  "304 Not Modified"
-#define HttpUnauthorized "401 Unauthorized"
-#define HttpNotFound     "404 Not Found"
-#define texthtml         "text/html"
+#define HttpOk          "200 OK"
+#define HttpMoved       "301 Moved Permanently"
+#define HttpNotModified "304 Not Modified"
+#define HttpForbidden   "403 Forbidden"
+#define HttpNotFound    "404 Not Found"
+#define texthtml        "text/html"

 enum {
 	GET  = 4,
@ -342,12 +342,12 @@ response(void) {

 	for (p = reqbuf; *p; p++)
 		if (*p == '\\' || (*p == '/' && *(p + 1) == '.')) { /* don't serve bogus or hidden files */
-			if (putresentry(HEADER, HttpUnauthorized, tstamp(0))
+			if (putresentry(HEADER, HttpForbidden, tstamp(0))
 			 || putresentry(CONTENTTYPE, texthtml))
 				return;
-			status = 401;
+			status = 403;
 			if (req.type == GET)
-				writetext("\r\n<html><body>"HttpUnauthorized"</body></html>\r\n");
+				writetext("\r\n<html><body>"HttpForbidden"</body></html>\r\n");
 			return;
 		}
 	if (cgi_mode) {