From 5d34e89cf36cff92483e172df76ae56db7c19d0c Mon Sep 17 00:00:00 2001
From: =?utf8?q?David=20=E2=80=98Bombe=E2=80=99=20Roden?=
 <bombe@pterodactylus.net>
Date: Sun, 8 May 2011 16:55:27 +0200
Subject: [PATCH] Return 403 instead of 401, 401 is for HTTP authentication.

---
 src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 893b7ae..b027ab8 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -189,17 +189,17 @@ public abstract class JsonPage implements Page {
 	@Override
 	public Response handleRequest(Request request) {
 		if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) {
-			return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+			return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
 		}
 		if (needsFormPassword()) {
 			String formPassword = request.getHttpRequest().getParam("formPassword");
 			if (!webInterface.getFormPassword().equals(formPassword)) {
-				return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+				return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
 			}
 		}
 		if (requiresLogin()) {
 			if (getCurrentSone(request.getToadletContext(), false) == null) {
-				return new Response(401, "Not authorized", "application/json", JsonUtils.format(createErrorJsonObject("auth-required")));
+				return new Response(403, "Forbidden", "application/json", JsonUtils.format(createErrorJsonObject("auth-required")));
 			}
 		}
 		JsonObject jsonObject = createJsonObject(request);
-- 
2.7.4