Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Set the status before of setting the response body

The 401 status should be set first because setting the response body in
a live controller also closes the response to further changes.

Fixes #14229.
  • Loading branch information...
commit a62001c5429723a78c7f382e34f157af1a668d68 1 parent d6bb789
@guilleiguaran guilleiguaran authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 actionpack/lib/action_controller/metal/http_authentication.rb
View
4 actionpack/lib/action_controller/metal/http_authentication.rb
@@ -121,8 +121,8 @@ def encode_credentials(user_name, password)
def authentication_request(controller, realm)
controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
- controller.response_body = "HTTP Basic: Access denied.\n"
controller.status = 401
+ controller.response_body = "HTTP Basic: Access denied.\n"
end
end
@@ -256,8 +256,8 @@ def authentication_header(controller, realm)
def authentication_request(controller, realm, message = nil)
message ||= "HTTP Digest: Access denied.\n"
authentication_header(controller, realm)
- controller.response_body = message
controller.status = 401
+ controller.response_body = message
end
def secret_token(request)
Please sign in to comment.
Something went wrong with that request. Please try again.