HTTP status response code on login error

Discussions and requests related to new CMSimple features, plugins, templates etc. and how to develop.
Please don't ask for support at this forums!
Post Reply
cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:
Contact cmb

HTTP status response code on login error

Post by cmb » Fri Sep 07, 2012 11:03 am

Hello Community,

on login error CMSimple_XH responds with "401 Unauthorized". But RFC 2616 states:
10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a
WWW-Authenticate header field (section 14.47) containing a challenge
applicable to the requested resource.
As a WWW-Authenticate header field would be not reasonable for security_type "page" or "javascript", this should better be changed to a "403 Forbidden" response.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH
Top
svasti
Posts: 1660
Joined: Wed Dec 17, 2008 5:08 pm

Re: HTTP status response code on login error

Post by svasti » Tue Sep 11, 2012 7:44 pm

cmb wrote:this should better be changed to a "403 Forbidden"
*1
Top
Post Reply

Return to “Open Development”