authorJonas Schäfer <jonas@wielicki.name>2021-10-19 16:37:32 +0200
committerJonas Schäfer <jonas@wielicki.name>2021-10-19 16:37:32 +0200
commit3e55057a8574af83e42ec96041283111e34ef7d4 (patch)
treef6fc6c61d3b58107e8479cdab96fcf19fa3572d7
parentb6d312547e366147860b5eb8e30b3dfd01df297f (diff)
mod_http_file_share: return 401 instead of 403 if authentication failed
This is as per the HTTP standards [1]. Thankfully, the REQUIRED www-authenticate header is already generated by the code. [1]: https://datatracker.ietf.org/doc/html/rfc7235#section-3.1
-rw-r--r--plugins/mod_http_file_share.lua2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index 55b24b91..b05dd742 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -249,7 +249,7 @@ function handle_upload(event, path) -- PUT /upload/:slot
if not authz then
module:log("debug", "Missing or malformed Authorization header");
event.response.headers.www_authenticate = "Bearer";
- return 403;
+ return 401;
end
local authed, upload_info = jwt.verify(secret, authz);
if not (authed and type(upload_info) == "table" and type(upload_info.exp) == "number") then
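Review bot: The switch to 401 covers only the missing-or-malformed-header branch; the token check that begins on the last context line (`if not (authed and type(upload_info) == "table" ...`) has its body outside the hunk, so it is not visible which status a token that fails verification receives. If that branch also answers 401, it needs its own `event.response.headers.www_authenticate = "Bearer";`, because in the lines shown the header is set only inside the `if not authz` block and RFC 7235 requires the challenge on every 401. A short comment above `return 401;`, such as `-- 401 (not 403): no usable credentials were presented; the Bearer challenge set above is mandatory`, would help keep the distinction from being reverted later.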