Browse Source

[mod_auth] send 401 if digest algo not supported

client browsers might remember prior algorithm if algorithm changed;
send 401 Unauthorized to reset client browser
(sending 400 Bad Request was not user friendly)
master
Glenn Strauss 10 months ago
parent
commit
12ac70d0fe
  1. 2
      src/mod_auth.c

2
src/mod_auth.c

@ -1312,7 +1312,7 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st
log_error(r->conf.errh, __FILE__, __LINE__,
"digest: (%s): invalid", algorithm);
buffer_free(b);
return mod_auth_send_400_bad_request(r);
return mod_auth_send_401_unauthorized_digest(r, require, 0);
}
/**

Loading…
Cancel
Save