commit ef51cd3355fa5f909bcc27b895086b13b29af231
Author: FRIGN <[email protected]>
Date:   Mon Aug 11 16:59:27 2014 +0200

    HTTP 401 -> 403
    
    When the client requests a hidden file, we forbid access.
    401 is mostly used when a login is required and hasn't been provided.
    Thus, given we don't offer a login-prompt to access hidden and bogus
    files but categorically reject them, 403 makes more sense here.

diff --git a/quark.c b/quark.c
index 9002424..30bff89 100644
--- a/quark.c
+++ b/quark.c
@@ -25,12 +25,12 @@ char *argv0;
 #define MAXBUFLEN  1024
 #define MIN(x,y)   ((x) < (y) ? (x) : (y))
 
-#define HttpOk           "200 OK"
-#define HttpMoved        "301 Moved Permanently"
-#define HttpNotModified  "304 Not Modified"
-#define HttpUnauthorized "401 Unauthorized"
-#define HttpNotFound     "404 Not Found"
-#define texthtml         "text/html"
+#define HttpOk          "200 OK"
+#define HttpMoved       "301 Moved Permanently"
+#define HttpNotModified "304 Not Modified"
+#define HttpForbidden   "403 Forbidden"
+#define HttpNotFound    "404 Not Found"
+#define texthtml        "text/html"
 
 enum {
        GET  = 4,
@@ -342,12 +342,12 @@ response(void) {
 
        for (p = reqbuf; *p; p++)
                if (*p == '\' || (*p == '/' && *(p + 1) == '.')) { /* don't 
serve bogus or hidden files */
-                       if (putresentry(HEADER, HttpUnauthorized, tstamp(0))
+                       if (putresentry(HEADER, HttpForbidden, tstamp(0))
                         || putresentry(CONTENTTYPE, texthtml))
                                return;
-                       status = 401;
+                       status = 403;
                        if (req.type == GET)
-                               writetext("
<html><body>"HttpUnauthorized"</body></html>
");
+                               writetext("
<html><body>"HttpForbidden"</body></html>
");
                        return;
                }
        if (cgi_mode) {
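Review bot: The comment on the `/.` test names only bogus or hidden files, yet within this hunk the same test is also the only visible guard against `..` path traversal. I would extend it to `/* reject backslashes and any path component starting with '.': covers dotfiles and ".." traversal */` so that nobody later relaxes the check for a single dot-directory without noticing what else it protects. Whether reqbuf has already been percent-decoded when this loop runs is not visible here; if decoding happens afterwards, the check needs to run on the decoded path instead. The 403 is returned for every matching path before any file lookup is shown, so it does not reveal whether the target exists, and that ordering is worth keeping. response() begins and continues outside the hunk.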

