Project

General

Profile

Actions

Bug #85411

closed

Invalid usage of 401 header

Added by Markus Klein over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Authentication
Target version:
-
Start date:
2018-06-27
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
easy
Is Regression:
Sprint Focus:

Description

The 401 header is used within the TYPO3 core in some usages but lacks a proper accompanying "www-authenticate" header, which is required. [1]

A 401 header is only useful in conjunction with an assigned http authschema [2].
One usage in core even sends an invalid www-authenticate header.

Replace all those 401 headers with a 403 header.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
[2] http://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml

Actions

Also available in: Atom PDF