7a3bd19926
According to the HTTP standard, a lack of authentication credentials or incorrect authentication credentials should send back a 401 (Unauthorized) with a `WWW-Authenticate` header with a challenge that can be used to authenticate. This is because a 401 status should be sent when an authentication attempt can be retried by the browser. The 403 (Forbidden) status code should be sent when authentication succeeded, but the user does not have the necessary authorization. Previously, the server would always send a 401 status code. |
||
|---|---|---|
| .. | ||
| config.go | ||
| config_test.go | ||
| handler.go | ||
| handler_test.go | ||
| listen.go | ||
| listen_test.go | ||
| response_logger.go | ||
| service.go | ||