I can find it in the code but did not analyzed exactly in which use
case it's really used and how.
On Tue, Sep 16, 2014 at 10:10 AM, Pascal BASTIEN
<pbasnews-xwiki(a)yahoo.fr> wrote:
In this case if it is not taken into account you can
remove it? Or perhaps
it depends of authentication choice?
I suppose it was configurable because there was a need (like monitoring by
example)?
________________________________
De : Thomas Mortagne <thomas.mortagne(a)xwiki.com>
À : Pascal BASTIEN <pbasnews-xwiki(a)yahoo.fr>fr>; XWiki Developers
<devs(a)xwiki.org>
Envoyé le : Mardi 16 septembre 2014 9h55
Objet : Re: [xwiki-devs] A quick tiny "issue" to fix in 6.2RC1
This is indeed very weird.
Note that I just tested to fail the login and got 403 so additionally
it's not really fully taken into account (I don't really see the point
of making it configurable anyway).
Would be great if you could create an issue on
http://jira.xwiki.org.
On Tue, Sep 16, 2014 at 9:42 AM, Pascal BASTIEN <pbasnews-xwiki(a)yahoo.fr>
wrote:
Hello,
There are a tiny "issue" to fix in default xwiki.cfg:
#-# HTTP status code to sent when the authentication failed.
xwiki.authentication.unauthorized_code=200
I think 401 (OR 403) is more appropriate, isn't it?
wdyt?
Thxs
Pascal B
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
--
Thomas Mortagne