nextcloud/lib
Ferdinand Thiessen 77dc78855f fix(SecurityMiddleware): return header to distinguish error type
Currently we return a 403 (Forbidden) when the password confirmation
failed - which itself seems to be inappropriate as it's basically a login
failing so a 401 (not authorized) is more appropriate.

This is especially a problem because APIs might return 403 internally
for good reason (e.g. user missing permission) but 401 would not be a
problem.

But as this is a breaking change, my solution to be able to
distinguish API error from password confirmation error is:

Add a header inside the response that marks failed password confirmation
`X-NC-Auth-NotConfirmed`.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-03-12 08:54:39 +00:00
composer fix(propagator): Improve lock behavior of propagator 2026-02-17 10:39:11 +01:00
l10n fix(l10n): Update translations from Transifex 2026-03-11 00:26:57 +00:00
private fix(SecurityMiddleware): return header to distinguish error type 2026-03-12 08:54:39 +00:00
public Merge pull request #58368 from nextcloud/backport/58134/stable32 2026-02-23 14:11:34 +01:00
unstable fix(lexicon): missing doc 2025-07-24 15:56:35 -01:00
base.php fix: add user id header when redirecting to default app 2026-02-19 14:28:07 +00:00
versioncheck.php feat(PHP): Allow PHP 8.4 2024-11-08 12:59:12 +01:00