Improve RPC authentication failure responses.
This commit improves how the legacy RPC server responds to authentication failures so things like web browsers can react better. The following changes have been made: First, authentication failures were only printing the 401 error response in the body instead of setting the http status code. This means the response had a 200 OK header with a body of 401 Unauthorized. Therefore the client would think everything was ok, but see the response as malformed JSON. Second, the spec for 401 Unauthorized responses state they must include a WWW-Authenticate header to instruct the client how to authenticate. Without this, browsers won't prompt the user for credentials.
This commit is contained in:
parent
8f43dc758e
commit
5859deea7e
1 changed files with 2 additions and 1 deletions
|
@ -337,7 +337,8 @@ func newRPCServer(listenAddrs []string, s *server) (*rpcServer, error) {
|
||||||
|
|
||||||
// jsonAuthFail sends a message back to the client if the http auth is rejected.
|
// jsonAuthFail sends a message back to the client if the http auth is rejected.
|
||||||
func jsonAuthFail(w http.ResponseWriter, r *http.Request, s *rpcServer) {
|
func jsonAuthFail(w http.ResponseWriter, r *http.Request, s *rpcServer) {
|
||||||
fmt.Fprint(w, "401 Unauthorized.\n")
|
w.Header().Add("WWW-Authenticate", `Basic realm="btcd RPC"`)
|
||||||
|
http.Error(w, "401 Unauthorized.", http.StatusUnauthorized)
|
||||||
}
|
}
|
||||||
|
|
||||||
// jsonRPCRead is the RPC wrapper around the jsonRead function to handle reading
|
// jsonRPCRead is the RPC wrapper around the jsonRead function to handle reading
|
||||||
|
|
Loading…
Reference in a new issue