diff options
author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2014-06-13 02:23:16 -0500 |
---|---|---|
committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2014-06-13 02:25:26 -0500 |
commit | a62001c5429723a78c7f382e34f157af1a668d68 (patch) | |
tree | 4119281ea44577f0f10acc74128c5c94c8fd0bc9 /actionpack/lib/action_controller/metal/http_authentication.rb | |
parent | d6bb7892665d93ee55828c0b5df6c5f5e635c15f (diff) | |
download | rails-a62001c5429723a78c7f382e34f157af1a668d68.tar.gz rails-a62001c5429723a78c7f382e34f157af1a668d68.tar.bz2 rails-a62001c5429723a78c7f382e34f157af1a668d68.zip |
Set the status before of setting the response body
The 401 status should be set first because setting the response body in
a live controller also closes the response to further changes.
Fixes #14229.
Diffstat (limited to 'actionpack/lib/action_controller/metal/http_authentication.rb')
-rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index 3111992f82..bad979be2d 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -121,8 +121,8 @@ module ActionController def authentication_request(controller, realm) controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}") - controller.response_body = "HTTP Basic: Access denied.\n" controller.status = 401 + controller.response_body = "HTTP Basic: Access denied.\n" end end @@ -256,8 +256,8 @@ module ActionController def authentication_request(controller, realm, message = nil) message ||= "HTTP Digest: Access denied.\n" authentication_header(controller, realm) - controller.response_body = message controller.status = 401 + controller.response_body = message end def secret_token(request) |