Mercurial > hg > nginx
changeset 5428:fcecb9c6a057
Fixed "satisfy any" if 403 is returned after 401 (ticket #285).
The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the
latter should be returned with the WWW-Authenticate header to request
authentication by a client.
The problem could be triggered with 3rd party modules and the "deny"
directive, or with auth_basic and auth_request which returns 403
(in 1.5.4+).
Patch by Jan Marc Hoffmann.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 18 Oct 2013 18:13:49 +0400 |
parents | 7ed23dcfea3d |
children | e6a1623f87bc |
files | src/http/ngx_http_core_module.c |
diffstat | 1 files changed, 3 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/ngx_http_core_module.c Fri Oct 18 18:13:44 2013 +0400 +++ b/src/http/ngx_http_core_module.c Fri Oct 18 18:13:49 2013 +0400 @@ -1144,7 +1144,9 @@ } if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED) { - r->access_code = rc; + if (r->access_code != NGX_HTTP_UNAUTHORIZED) { + r->access_code = rc; + } r->phase_handler++; return NGX_AGAIN;