nextcloud/lib/private/AppFramework
Ferdinand Thiessen 77dc78855f fix(SecurityMiddleware): return header to distinguish error type
Currently we return a 403 (Forbidden) when the password confirmation
failed - which itself seems to be inappropriate as it's basically a login
failing so a 401 (not authorized) is more appropriate.

This is especially a problem because APIs might return 403 internally
for good reason (e.g. user missing permission) but 401 would not be a
problem.

But as this is a breaking change, my solution to be able to
distinguish API error from password confirmation error is:

Add a header inside the response that marks failed password confirmation
`X-NC-Auth-NotConfirmed`.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-03-12 08:54:39 +00:00
..
Bootstrap fix(userconfig): duplicate core lexicon 2025-07-29 10:36:44 -01:00
DependencyInjection fix(container): Reduce general deprecation spam on all requests 2025-08-09 11:53:30 +02:00
Http fix: add fallback to raw path info 2026-03-10 12:52:15 +00:00
Middleware fix(SecurityMiddleware): return header to distinguish error type 2026-03-12 08:54:39 +00:00
OCS chore: apply new CSFixer rules 2025-07-01 16:26:50 +02:00
Routing feat(routing): add files_sharing_raw to rootUrlApps 2026-03-10 14:31:35 +00:00
Services fix: Use only enabled applications versions in the cache prefix 2025-06-05 17:58:54 +02:00
Utility fix(controller): Support native int ranges 2026-01-07 18:06:10 +00:00
App.php Merge pull request #54303 from nextcloud/jtr-oc-appframework-app-cleanup 2025-08-08 10:41:51 +02:00
Http.php chore: apply new CSFixer rules 2025-07-01 16:26:50 +02:00
ScopedPsrLogger.php fix(logger): Fix scoped PSR logger when running psalm:ci 2024-06-11 11:52:18 +02:00