[hackers] [quark] HTTP 401 -> 403 || FRIGN

From: <git_AT_suckless.org>
Date: Mon, 11 Aug 2014 16:59:24 +0200

commit ef51cd3355fa5f909bcc27b895086b13b29af231
Author: FRIGN <dev_AT_frign.de>
Date: Mon Aug 11 16:59:27 2014 +0200

    HTTP 401 -> 403
    
    When the client requests a hidden file, we forbid access.
    401 is mostly used when a login is required and hasn't been provided.
    Thus, given we don't offer a login-prompt to access hidden and bogus
    files but categorically reject them, 403 makes more sense here.

diff --git a/quark.c b/quark.c
index 9002424..30bff89 100644
--- a/quark.c
+++ b/quark.c
_AT_@ -25,12 +25,12 @@ char *argv0;
 #define MAXBUFLEN 1024
 #define MIN(x,y) ((x) < (y) ? (x) : (y))
 
-#define HttpOk "200 OK"
-#define HttpMoved "301 Moved Permanently"
-#define HttpNotModified "304 Not Modified"
-#define HttpUnauthorized "401 Unauthorized"
-#define HttpNotFound "404 Not Found"
-#define texthtml "text/html"
+#define HttpOk "200 OK"
+#define HttpMoved "301 Moved Permanently"
+#define HttpNotModified "304 Not Modified"
+#define HttpForbidden "403 Forbidden"
+#define HttpNotFound "404 Not Found"
+#define texthtml "text/html"
 
 enum {
         GET = 4,
_AT_@ -342,12 +342,12 @@ response(void) {
 
         for (p = reqbuf; *p; p++)
                 if (*p == '\' || (*p == '/' && *(p + 1) == '.')) { /* don't serve bogus or hidden files */
- if (putresentry(HEADER, HttpUnauthorized, tstamp(0))
+ if (putresentry(HEADER, HttpForbidden, tstamp(0))
                          || putresentry(CONTENTTYPE, texthtml))
                                 return;
- status = 401;
+ status = 403;
                         if (req.type == GET)
- writetext("
<html><body>"HttpUnauthorized"</body></html>
");
+ writetext("
<html><body>"HttpForbidden"</body></html>
");
                         return;
                 }
         if (cgi_mode) {
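Review bot: The comment on the filter line in response() still says only "don't serve bogus or hidden files", but the `*p == '/' && *(p + 1) == '.'` test is also what rejects `/../` segments, so this loop is the only path traversal guard visible in the hunk. Since the commit touches this block anyway, I would state that, for example `/* reject backslashes and any path segment starting with '.'; this also blocks "/../" traversal */`. The guard only works if reqbuf is already percent-decoded when the loop runs; the decoding step is not visible here, so please confirm the order and note it in the comment. response() starts and ends outside this hunk.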