From 30e9bcc492ffa81dabfd316a295ff4d20daaec3b Mon Sep 17 00:00:00 2001
From: Xavier Del Campo Romero <xavi92@disroot.org>
Date: Sat, 13 Jun 2026 09:38:00 +0200
Subject: Report missing authentication

Previously, HTTP error 403 was returned if an unauthenticated user
attempted to access a file or directory inside /user/. However, this
error message confusing because, most often, it was caused by legitimate
users with missing or expired HTTP cookies. While the usual workaround
was to access /index.html and authenticate, this was too confusing to
some users.
---
 main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'main.c')

diff --git a/main.c b/main.c
index 6ad0cf7..ff05fd4 100644
--- a/main.c
+++ b/main.c
@@ -1021,7 +1021,7 @@ static int getnode(const struct http_payload *const p,
     if (auth_cookie(a, &p->cookie))
     {
         fprintf(stderr, "%s: auth_cookie failed\n", __func__);
-        return page_forbidden(r);
+        return page_missing_login(r);
     }
     else if (path_invalid(resource))
     {
-- 
cgit v1.2.3