[web] return 403 for Unauthorized, not 401
authorJulien Cristau <julien.cristau@logilab.fr>
Thu, 13 Mar 2014 16:57:22 +0100
changeset 9659 c45073a96aee
parent 9658 c5b47406a15d
child 9660 a78efec4cf04
[web] return 403 for Unauthorized, not 401
401 is reserved for HTTP authentication. Just because it's also called "unauthorized" doesn't mean it's the same as cubicweb's Unauthorized exception. Closes #3648809.
web/application.py
--- a/web/application.py	Thu Apr 03 19:55:30 2014 +0200
+++ b/web/application.py	Thu Mar 13 16:57:22 2014 +0100
@@ -480,7 +480,7 @@
         except Unauthorized as ex:
             req.data['errmsg'] = req._('You\'re not authorized to access this page. '
                                        'If you think you should, please contact the site administrator.')
-            req.status_out = httplib.UNAUTHORIZED
+            req.status_out = httplib.FORBIDDEN
             result = self.error_handler(req, ex, tb=False)
         except Forbidden as ex:
             req.data['errmsg'] = req._('This action is forbidden. '
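Review bot: The new `req.status_out = httplib.FORBIDDEN` line sits under `except Unauthorized` with no comment, so the name mismatch reads like a mistake and invites a well-meant revert to 401. I would add above it `# 403, not 401: 401 is only for HTTP authentication challenges; Unauthorized here is a permission denial`. If anonymous requests can reach this branch (not visible in the hunk), they now get a 403 with no hint that logging in would help, so it is worth confirming the login path is handled before this handler. Access-denial alerting or log queries keyed on 401 will also need to follow the new code, and if the `except Forbidden` branch that continues past the hunk sets 403 as well, the two cases can only be told apart by message. The enclosing method starts and ends outside the hunk.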