# HG changeset patch
# User Julien Cristau <julien.cristau@logilab.fr>
# Date 1394726242 -3600
# Node ID c45073a96aee7d220664b2f38d1062f51515f736
# Parent  c5b47406a15d8e84d3cc309d1551cf9ea9ace22a
[web] return 403 for Unauthorized, not 401

401 is reserved to HTTP authentication.  Just because it's also called
"unauthorized" doesn't mean it's the same as cubicweb's Unauthorized
exception.  Closes #3648809.

diff -r c5b47406a15d -r c45073a96aee web/application.py
--- a/web/application.py	Thu Apr 03 19:55:30 2014 +0200
+++ b/web/application.py	Thu Mar 13 16:57:22 2014 +0100
@@ -480,7 +480,7 @@
         except Unauthorized as ex:
             req.data['errmsg'] = req._('You\'re not authorized to access this page. '
                                        'If you think you should, please contact the site administrator.')
-            req.status_out = httplib.UNAUTHORIZED
+            req.status_out = httplib.FORBIDDEN
             result = self.error_handler(req, ex, tb=False)
         except Forbidden as ex:
             req.data['errmsg'] = req._('This action is forbidden. '