2011年3月19日星期六

Re: Status 401 Behaviour Issue

On Sat, Mar 19, 2011 at 03:03:11PM -0400, Dayo wrote:

Hi there,

> I noticed a certain behaviour of the 401 status code response I will like to change.

> With Nginx however, if I define an html page error_page for 401, this gets served every time a user requests the protected directory and there is no opportunity to fill in the authentication details.

That sounds odd to me.

What *should* happen is the web server returns http 401 with some body
content; the web browser chooses whether to display that body content,
or to request authentication credentials, as it sees fit.

What is your error_page config?

Quick testing here shows that

error_page 401 /401.html;

returns the right content with the right status, as I would expect.

error_page 401 = /401.html;

returns the right content, but with a http 200 status, which sounds like
it matches what you are seeing.

As per http://wiki.nginx.org/HttpCoreModule#error_page, adding the
"=" means "handle this (sub)request, and change the return status to
whatever it generates instead of what we started with". For 401, you
probably don't want that.

> Is it possible to set it up such that it behaves like Apache does? I.E. only return the html error_page if the authentication fails? This seems like a better implementation to me.

Leave out the "="?

> Running 0.8.54

I tested with 0.9.4, but I don't see any obvious code fixes that would
have changed this.

All the best,

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

3 条评论:

  1. Bạn có thể đến trực tiếp tại Kim Hospital để được hỗ trợ thăm khám hoặc tư vấn miễn phí về các dịch vụ thẩm mỹ mắt đẹp phẫu thuật tạo khóe mắt...Bạn sẽ có một số kiến thức thẩm mỹ nhất định cùng một sự trải nghiệm tuyệt vời!

    回复删除
  2. I’ve been browsing on-line greater than three hours today, but I never discovered any attention-grabbing article like yours. It is

    beautiful worth sufficient for me. Personally, if all webmasters and bloggers made good content material as you did, the net will

    be a lot more helpful than ever before.

    AWS Training in Chennai

    回复删除
  3. There are lots of information about latest technology and how to get trained in them, like this have spread around the web, but this is a unique one according to me. The strategy you have updated here will make me to get trained in future technologies. By the way you are running a great blog. Thanks for sharing this.
    Cloud Computing Training in Chennai

    回复删除