Passing `WWW-Authenticate` to `header()` overwrites the status code to 401. https://github.com/php/php-src/blob/a51cb393b1accc29200e8f57ef867a6a47b2564f/main/SAPI.c#L829

According to the RFC, it is also possible to include `WWW-Authenticate` in status codes other than 401. https://tools.ietf.org/html/rfc7235#page-7

Since OAuth 2.0 Bearer writes its contents in the `WWW-Authenticate` header even for errors other than 401, the original status code needs to be applied after the status code has become 401 as a result of inserting the `WWW-Authenticate` header field. https://tools.ietf.org/html/rfc6750#page-9

Allow the `WWW-Authenticate` header to be inserted with status codes other than 401.

Passing `WWW-Authenticate` to `header()` overwrites the status code with 401. https://github.com/php/php-src/blob/a51cb393b1accc29200e8f57ef867a6a47b2564f/main/SAPI.c#L829

According to the RFC, `WWW-Authenticate` may also be included with status codes other than 401. https://tools.ietf.org/html/rfc7235#page-7

Because OAuth 2.0 Bearer describes errors other than 401 in the `WWW-Authenticate` header as well, the original status code needs to be applied after the status code has become 401 as a result of inserting the `WWW-Authenticate` header. https://tools.ietf.org/html/rfc6750#page-9
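
The ordering described above, as an added example that is not code from this pull request or from php-src: an application sends an RFC 6750 Bearer challenge and then applies the intended status so that the 401 set by `header()` does not stick. The function names `bearerChallenge` and `sendBearerError` and the sample realm, description and scope values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Status codes RFC 6750 section 3.1 associates with each Bearer error code.
const BEARER_ERROR_STATUS = [
    'invalid_request'    => 400,
    'invalid_token'      => 401,
    'insufficient_scope' => 403,
];

// Hypothetical helper (not a PHP built-in): builds the WWW-Authenticate value.
function bearerChallenge(string $realm, string $error, string $description = '', string $scope = ''): string
{
    $params = ['realm' => $realm, 'error' => $error];
    if ($description !== '') { $params['error_description'] = $description; }
    if ($scope !== '')       { $params['scope'] = $scope; }

    $parts = [];
    foreach ($params as $name => $value) {
        // RFC 6750 limits these values to %x20-21 / %x23-5B / %x5D-7E: no quotes,
        // backslashes or control characters. The same set is applied to realm here
        // for simplicity; it also keeps CR/LF out of the header line.
        if (!preg_match('/^[\x20\x21\x23-\x5B\x5D-\x7E]*$/', $value)) {
            throw new InvalidArgumentException("illegal character in $name");
        }
        $parts[] = $name . '="' . $value . '"';
    }
    return 'Bearer ' . implode(', ', $parts);
}

// Hypothetical helper: emits the challenge, then the status the error calls for.
function sendBearerError(string $realm, string $error, string $description = '', string $scope = ''): void
{
    if (!isset(BEARER_ERROR_STATUS[$error])) {
        throw new InvalidArgumentException("unknown Bearer error: $error");
    }
    // header() switches the response status to 401 when given WWW-Authenticate ...
    header('WWW-Authenticate: ' . bearerChallenge($realm, $error, $description, $scope));
    // ... so the intended status is applied afterwards.
    http_response_code(BEARER_ERROR_STATUS[$error]);
}

// Constructed sample values: a valid token that lacks the required scope yields 403.
sendBearerError('example', 'insufficient_scope', 'The token lacks the required scope', 'admin');
```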