HTTP 401 -> 403
When the client requests a hidden file, we forbid access. 401 is mostly used when a login is required and hasn't been provided. Thus, given we don't offer a login-prompt to access hidden and bogus files but categorically reject them, 403 makes more sense here.
This commit is contained in:
parent
9e2662c5e9
commit
ef51cd3355
1 changed files with 9 additions and 9 deletions
8
quark.c
8
quark.c
|
@ -28,7 +28,7 @@ char *argv0;
|
||||||
#define HttpOk "200 OK"
|
#define HttpOk "200 OK"
|
||||||
#define HttpMoved "301 Moved Permanently"
|
#define HttpMoved "301 Moved Permanently"
|
||||||
#define HttpNotModified "304 Not Modified"
|
#define HttpNotModified "304 Not Modified"
|
||||||
#define HttpUnauthorized "401 Unauthorized"
|
#define HttpForbidden "403 Forbidden"
|
||||||
#define HttpNotFound "404 Not Found"
|
#define HttpNotFound "404 Not Found"
|
||||||
#define texthtml "text/html"
|
#define texthtml "text/html"
|
||||||
|
|
||||||
|
@ -342,12 +342,12 @@ response(void) {
|
||||||
|
|
||||||
for (p = reqbuf; *p; p++)
|
for (p = reqbuf; *p; p++)
|
||||||
if (*p == '\\' || (*p == '/' && *(p + 1) == '.')) { /* don't serve bogus or hidden files */
|
if (*p == '\\' || (*p == '/' && *(p + 1) == '.')) { /* don't serve bogus or hidden files */
|
||||||
if (putresentry(HEADER, HttpUnauthorized, tstamp(0))
|
if (putresentry(HEADER, HttpForbidden, tstamp(0))
|
||||||
|| putresentry(CONTENTTYPE, texthtml))
|
|| putresentry(CONTENTTYPE, texthtml))
|
||||||
return;
|
return;
|
||||||
status = 401;
|
status = 403;
|
||||||
if (req.type == GET)
|
if (req.type == GET)
|
||||||
writetext("\r\n<html><body>"HttpUnauthorized"</body></html>\r\n");
|
writetext("\r\n<html><body>"HttpForbidden"</body></html>\r\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (cgi_mode) {
|
if (cgi_mode) {
|
||||||
|
|
Loading…
Reference in a new issue