Feature #26677: HTTP code 401 on login failure - Redmine

Actions

Copy link

Feature #26677

closed

HTTP code 401 on login failure

Added by Rémi Saurel over 7 years ago. Updated 11 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Accounts / authentication

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Wont fix

Description

When purposely causing a login error on Redmine, I can see (using web inspector and/or logfiles) that the HTTP return code is 200, i.e. "everything is ok", for the page that presents the error to the user.

It would be great if Redmine would return a 401 ("Unauthorized", see here: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_errors).

Indeed, I think a 401 code in the webserver logs has great security value, and makes it easy to integrate with solutions such as Fail2Ban and others.

If this change were made, there should be absolutely no impact on the user.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Feature #26677

HTTP code 401 on login failure

Updated by Holger Just over 7 years ago

Updated by Rémi Saurel over 7 years ago

Updated by Go MAEDA 11 months ago