Status 401 Behaviour Issue
francis at daoine.org
Sun Mar 20 05:07:45 MSK 2011
On Sat, Mar 19, 2011 at 03:03:11PM -0400, Dayo wrote:
> I noticed a certain behaviour of the 401 status code response I will like to change.
> With Nginx however, if I define an html page error_page for 401, this gets served every time a user requests the protected directory and there is no opportunity to fill in the authentication details.
That sounds odd to me.
What *should* happen is the web server returns http 401 with some body
content; the web browser chooses whether to display that body content,
or to request authentication credentials, as it sees fit.
What is your error_page config?
Quick testing here shows that
error_page 401 /401.html;
returns the right content with the right status, as I would expect.
error_page 401 = /401.html;
returns the right content, but with a http 200 status, which sounds like
it matches what you are seeing.
As per http://wiki.nginx.org/HttpCoreModule#error_page, adding the
"=" means "handle this (sub)request, and change the return status to
whatever it generates instead of what we started with". For 401, you
probably don't want that.
> Is it possible to set it up such that it behaves like Apache does? I.E. only return the html error_page if the authentication fails? This seems like a better implementation to me.
Leave out the "="?
> Running 0.8.54
I tested with 0.9.4, but I don't see any obvious code fixes that would
have changed this.
All the best,
Francis Daly francis at daoine.org
More information about the nginx