mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 13:47:41 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_http_file_share: return 401 instead of 403 if authentication failed

Browse source 
This is as per the HTTP standards [1]. Thankfully, the REQUIRED
www-authenticate header is already generated by the code.

   [1]: https://datatracker.ietf.org/doc/html/rfc7235#section-3.1
This commit is contained in:
Jonas Schäfer 2021-10-19 16:37:32 +02:00
parent b6d312547e
commit 3e55057a85
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/mod_http_file_share.lua
View file

@ -249,7 +249,7 @@ function handle_upload(event, path) -- PUT /upload/:slot
if not authz then
module:log("debug", "Missing or malformed Authorization header");
event.response.headers.www_authenticate = "Bearer";
return 403;
return 401;
end
local authed, upload_info = jwt.verify(secret, authz);
if not (authed and type(upload_info) == "table" and type(upload_info.exp) == "number") then