Bug #85411: Invalid usage of 401 header - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #85411

closed

Invalid usage of 401 header

Added by Markus Klein over 6 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Markus Klein

Category:

Authentication

Target version:

Start date:

2018-06-27

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

easy

Is Regression:

Sprint Focus:

Description

The 401 header is used within the TYPO3 core in some usages but lacks a proper accompanying "www-authenticate" header, which is required. [1]

A 401 header is only useful in conjunction with an assigned http authschema [2].
One usage in core even sends an invalid www-authenticate header.

Replace all those 401 headers with a 403 header.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
[2] http://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml

Actions

Copy link

Updated by Gerrit Code Review over 6 years ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57399

Actions

Copy link

Updated by Gerrit Code Review over 6 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57399

Actions

Copy link

Updated by Markus Klein about 6 years ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

Applied in changeset 109d485241fffaa59599502ea60daa7a75b5c790.

Actions

Copy link

Updated by Gerrit Code Review about 6 years ago

Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58244

Actions

Copy link