Bug #55966

If the login is not succesful a 401 header should NOT be used instead of a 200

Added by Michael Knabe over 8 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
Start date:
2014-02-13
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

http://forge.typo3.org/issues/51803 should be reverted as it introduces a Bug instead of fixing anything.
HTTP Status codes are for HTTP and not for the application using it.

Simply sending a 401 status code does not only conflict with RFC 2616 which says

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a
WWW-Authenticate header field (section 14.47) containing a challenge
applicable to the requested resource.

which fe_login doesn't do, but it also breaks HTTP authentication (tested in Chrome, should work in any RFC compliant Browser).
To reproduce this, place a login box on any site that also requires HTTP-Authentication and try to log in with the wrong credentials. You are not only presented the TYPO3-Login error but also the browser dialog asking you for your HTTP-Credentials.

Affected versions: 4.5 - master


Related issues

Related to TYPO3 Core - Task #51803: 401 response header ClosedGeorg Ringer2013-09-06

Actions
#1

Updated by Gerrit Code Review over 8 years ago

  • Status changed from New to Under Review

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27888

#2

Updated by Gerrit Code Review over 8 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27888

#3

Updated by Gerrit Code Review over 8 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27888

#4

Updated by Gerrit Code Review over 8 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27888

#5

Updated by Gerrit Code Review over 8 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27888

#6

Updated by Gerrit Code Review over 8 years ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27888

#7

Updated by Gerrit Code Review over 8 years ago

Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27898

#8

Updated by Gerrit Code Review over 8 years ago

Patch set 1 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27899

#9

Updated by Gerrit Code Review over 8 years ago

Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27900

#10

Updated by Gerrit Code Review over 8 years ago

Patch set 2 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27899

#11

Updated by Markus Klein over 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#12

Updated by Benni Mack almost 4 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF