Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Set the status before of setting the response body
The 401 status should be set first because setting the response body in
a live controller also closes the response to further changes.

Fixes #14229.
  • Loading branch information
guilleiguaran committed Jun 13, 2014
1 parent 438a1bd commit c1c32ae
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions actionpack/lib/action_controller/metal/http_authentication.rb
Expand Up @@ -109,8 +109,8 @@ def encode_credentials(user_name, password)

def authentication_request(controller, realm)
controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
controller.response_body = "HTTP Basic: Access denied.\n"
controller.status = 401
controller.response_body = "HTTP Basic: Access denied.\n"
end
end

Expand Down Expand Up @@ -244,8 +244,8 @@ def authentication_header(controller, realm)
def authentication_request(controller, realm, message = nil)
message ||= "HTTP Digest: Access denied.\n"
authentication_header(controller, realm)
controller.response_body = message
controller.status = 401
controller.response_body = message
end

def secret_token(request)
Expand Down

0 comments on commit c1c32ae

Please sign in to comment.