nextcloud/lib/private/AppFramework/Middleware
Ferdinand Thiessen ea2a469698 fix(SecurityMiddleware): return header to distinguish error type
Currently we return a 403 (Forbidden) when the password confirmation
failed - which itself seems to be inappropriate as it's basically a login
failing, so a 401 (not authorized) is more appropriate.

This is especially a problem because APIs might return 403 internally
for good reason (e.g. user missing permission) but 401 would not be a
problem.

But as this is a breaking change, my solution to be able to
distinguish API error from password confirmation error is:

Add a header inside the response that marks failed password confirmation
`X-NC-Auth-NotConfirmed`.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-03-12 08:54:26 +00:00
..
PublicShare chore: apply new CSFixer rules 2025-07-01 16:26:50 +02:00
Security fix(SecurityMiddleware): return header to distinguish error type 2026-03-12 08:54:26 +00:00
AdditionalScriptsMiddleware.php chore: Add SPDX header 2024-05-24 13:11:22 +02:00
CompressionMiddleware.php chore: Add SPDX header 2024-05-24 13:11:22 +02:00
FlowV2EphemeralSessionsMiddleware.php feat(EphemeralSessions): Introduce lax period 2025-11-05 16:08:13 +01:00
MiddlewareDispatcher.php style: update codestyle for coding-standard 1.2.3 2024-08-25 19:34:58 +02:00
NotModifiedMiddleware.php fix: use correct format for expires, last-modified, and if-modified-since headers 2025-06-10 13:15:31 +02:00
OCSMiddleware.php fix(AppFramework): Check for responder existence 2025-11-12 09:39:53 +01:00
SessionMiddleware.php chore: Add SPDX header 2024-05-24 13:11:22 +02:00