[nginx] Fixed "satisfy any" if 403 is returned after 401 (ticket...

Maxim Dounin
October 18, 2013 10:18AM
details: http://hg.nginx.org/nginx/rev/fcecb9c6a057
branches:
changeset: 5428:fcecb9c6a057
user: Maxim Dounin <mdounin@mdounin.ru>
date: Fri Oct 18 18:13:49 2013 +0400
description:
Fixed "satisfy any" if 403 is returned after 401 (ticket #285).

The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the
latter should be returned with the WWW-Authenticate header to request
authentication by a client.

The problem could be triggered with 3rd party modules and the "deny"
directive, or with auth_basic and auth_request which returns 403
(in 1.5.4+).

Patch by Jan Marc Hoffmann.

diffstat:

src/http/ngx_http_core_module.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)

diffs (14 lines):

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -1144,7 +1144,9 @@ ngx_http_core_access_phase(ngx_http_requ
}

if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED) {
- r->access_code = rc;
+ if (r->access_code != NGX_HTTP_UNAUTHORIZED) {
+ r->access_code = rc;
+ }

r->phase_handler++;
return NGX_AGAIN;
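
Review bot: The new `r->access_code != NGX_HTTP_UNAUTHORIZED` guard inside the `rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED` branch carries no comment, so the reason a stored 401 must survive a later 403 lives only in the commit message (the 401 has to go back with WWW-Authenticate). A one-line comment above the inner `if` saying so would keep a later cleanup from folding it back into the plain `r->access_code = rc;` assignment. The condition does cover both orderings: a stored 403 is still replaced by a later 401, because only a stored 401 blocks the assignment. The diffstat shows a single file changed, so a regression test for "satisfy any" with a handler returning 401 followed by one returning 403 would be worth adding alongside this fix.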

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel