HTTP 401 -> 403
When the client requests a hidden file, we forbid access. 401 is mostly used when a login is required and hasn't been provided. Thus, given we don't offer a login-prompt to access hidden and bogus files but categorically reject them, 403 makes more sense here.
This commit is contained in:
FRIGN
parent
9e2662c5e9
commit
ef51cd3355
1 changed files with 9 additions and 9 deletions
8
quark.c
8
quark.c
|
|
@ -28,7 +28,7 @@ char *argv0;
|
|||
#define HttpOk "200 OK"
|
||||
#define HttpMoved "301 Moved Permanently"
|
||||
#define HttpNotModified "304 Not Modified"
|
||||
#define HttpUnauthorized "401 Unauthorized"
|
||||
#define HttpForbidden "403 Forbidden"
|
||||
#define HttpNotFound "404 Not Found"
|
||||
#define texthtml "text/html"
|
||||
|
||||
|
|
@ -342,12 +342,12 @@ response(void) {
|
|||
|
||||
for (p = reqbuf; *p; p++)
|
||||
if (*p == '\\' || (*p == '/' && *(p + 1) == '.')) { /* don't serve bogus or hidden files */
|
||||
if (putresentry(HEADER, HttpUnauthorized, tstamp(0))
|
||||
if (putresentry(HEADER, HttpForbidden, tstamp(0))
|
||||
|| putresentry(CONTENTTYPE, texthtml))
|
||||
return;
|
||||
status = 401;
|
||||
status = 403;
|
||||
if (req.type == GET)
|
||||
writetext("\r\n<html><body>"HttpUnauthorized"</body></html>\r\n");
|
||||
writetext("\r\n<html><body>"HttpForbidden"</body></html>\r\n");
|
||||
return;
|
||||
}
|
||||
if (cgi_mode) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue