From: David ‘Bombe’ Roden Date: Sun, 8 May 2011 14:55:27 +0000 (+0200) Subject: Return 403 instead of 401, 401 is for HTTP authentication. X-Git-Tag: 0.6.4^2~4 X-Git-Url: https://git.pterodactylus.net/?p=Sone.git;a=commitdiff_plain;h=5d34e89cf36cff92483e172df76ae56db7c19d0c Return 403 instead of 401, 401 is for HTTP authentication. --- diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java index 893b7ae..b027ab8 100644 --- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java +++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java @@ -189,17 +189,17 @@ public abstract class JsonPage implements Page { @Override public Response handleRequest(Request request) { if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) { - return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required"))); + return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required"))); } if (needsFormPassword()) { String formPassword = request.getHttpRequest().getParam("formPassword"); if (!webInterface.getFormPassword().equals(formPassword)) { - return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required"))); + return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required"))); } } if (requiresLogin()) { if (getCurrentSone(request.getToadletContext(), false) == null) { - return new Response(401, "Not authorized", "application/json", JsonUtils.format(createErrorJsonObject("auth-required"))); + return new Response(403, "Forbidden", "application/json", JsonUtils.format(createErrorJsonObject("auth-required"))); } } JsonObject jsonObject = createJsonObject(request);