nextcloud/lib/private/AppFramework/Middleware
Ferdinand Thiessen 9b54b06de5
fix(SecurityMiddleware): return header to distinguish error type
Currently we return a 403 (Forbidden) when the password confirmation
failed - which itself seems to be inappropriate as it's basically a login
failing, so a 401 (not authorized) is more appropriate.

This is especially a problem because APIs might return 403 internally
for good reason (e.g. user missing permission) but 401 would not be a
problem.

But as this is a breaking change, my solution to be able to
distinguish API errors from password confirmation errors is:

Add a header inside the response that marks failed password confirmation
`X-NC-Auth-NotConfirmed`.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-03-11 15:11:29 +01:00
PublicShare feat(rector): Enable SafeDeclareStrictTypesRector 2026-02-09 10:59:31 +01:00
Security fix(SecurityMiddleware): return header to distinguish error type 2026-03-11 15:11:29 +01:00
AdditionalScriptsMiddleware.php chore: Add SPDX header 2024-05-24 13:11:22 +02:00
CompressionMiddleware.php refactor: Run rector on lib/private 2026-02-06 13:50:18 +01:00
FlowV2EphemeralSessionsMiddleware.php feat(EphemeralSessions): Introduce lax period 2025-11-05 16:08:13 +01:00
MiddlewareDispatcher.php style: update codestyle for coding-standard 1.2.3 2024-08-25 19:34:58 +02:00
MiddlewareUtils.php refactor: Move hasAnnotationOrAttribute to MiddlewareUtils 2026-01-28 21:48:16 +01:00
NotModifiedMiddleware.php refactor: Run rector on lib/private 2026-02-06 13:50:18 +01:00
OCSMiddleware.php refactor: Run rector on lib/private 2026-02-06 13:50:18 +01:00
SessionMiddleware.php refactor: Run rector on lib/private 2026-02-06 13:50:18 +01:00