HTTP 401 -> 403

When the client requests a hidden file, we forbid access.
401 is mostly used when a login is required and hasn't been provided.
Thus, given we don't offer a login-prompt to access hidden and bogus
files but categorically reject them, 403 makes more sense here.
FRIGN 2014-08-11 16:59:27 +02:00
parent 9e2662c5e9
commit ef51cd3355

18
quark.c

@ -25,12 +25,12 @@ char *argv0;
#define MAXBUFLEN 1024 #define MAXBUFLEN 1024
#define MIN(x,y) ((x) < (y) ? (x) : (y)) #define MIN(x,y) ((x) < (y) ? (x) : (y))
#define HttpOk "200 OK" #define HttpOk "200 OK"
#define HttpMoved "301 Moved Permanently" #define HttpMoved "301 Moved Permanently"
#define HttpNotModified "304 Not Modified" #define HttpNotModified "304 Not Modified"
#define HttpUnauthorized "401 Unauthorized" #define HttpForbidden "403 Forbidden"
#define HttpNotFound "404 Not Found" #define HttpNotFound "404 Not Found"
#define texthtml "text/html" #define texthtml "text/html"
enum { enum {
GET = 4, GET = 4,
@ -342,12 +342,12 @@ response(void) {
for (p = reqbuf; *p; p++) for (p = reqbuf; *p; p++)
if (*p == '\\' || (*p == '/' && *(p + 1) == '.')) { /* don't serve bogus or hidden files */ if (*p == '\\' || (*p == '/' && *(p + 1) == '.')) { /* don't serve bogus or hidden files */
if (putresentry(HEADER, HttpUnauthorized, tstamp(0)) if (putresentry(HEADER, HttpForbidden, tstamp(0))
|| putresentry(CONTENTTYPE, texthtml)) || putresentry(CONTENTTYPE, texthtml))
return; return;
status = 401; status = 403;
if (req.type == GET) if (req.type == GET)
writetext("\r\n<html><body>"HttpUnauthorized"</body></html>\r\n"); writetext("\r\n<html><body>"HttpForbidden"</body></html>\r\n");
return; return;
} }
if (cgi_mode) { if (cgi_mode) {