Kong: ACL plugin: 401 vs 403

Created on 5 Apr 2019 · 2 comments · Source: Kong/kong

Summary

The ACL plugin should return 401 when credentials are not provided. Currently it always returns 403.

Steps To Reproduce

  1. Add the ACL plugin with a whitelist to any service
  2. Add any security plugin (ApiKey)
  3. Request any route of the service without credentials (response 403)
  4. Disable the ACL plugin and send the request again (response 401)

401 Unauthorized (I don't have credentials) vs 403 Forbidden (I have credentials, but the server is refusing to fulfil the request)

Additional Details & Logs

  • Kong version (1.0.2)
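The distinction the issue asks for can be shown as a small model of the gateway's access decision. This is an added example, not Kong's code: it assumes that the authentication plugin runs before the ACL plugin, and the API keys, consumers and ACL groups are constructed sample data. `reported_behaviour` models what the issue describes (403 whenever the ACL plugin is enabled, even with no credential); `expected_behaviour` is the proposed mapping: 401 for a missing or unknown credential, 403 only for an authenticated consumer outside the allowed groups.

```python
"""Model of the 401-vs-403 decision for an auth plugin followed by an ACL plugin.

Added illustration, not Kong's implementation. All data below is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set

# Constructed sample data: API key -> consumer, consumer -> ACL groups.
API_KEYS: Dict[str, str] = {"key-alice": "alice", "key-bob": "bob"}
CONSUMER_GROUPS: Dict[str, Set[str]] = {"alice": {"admins"}, "bob": {"users"}}


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


def key_auth(req: Request) -> Optional[str]:
    """Authentication step: map the apikey header to a consumer, or None.

    A missing key and an unknown key are treated the same way: no consumer
    was identified, so the request is unauthenticated.
    """
    return API_KEYS.get(req.headers.get("apikey", ""))


def acl_allows(consumer: str, allowed_groups: Iterable[str]) -> bool:
    """Authorization step: is the consumer in at least one whitelisted group?"""
    return bool(CONSUMER_GROUPS.get(consumer, set()) & set(allowed_groups))


def reported_behaviour(req: Request, allowed_groups: Iterable[str],
                       acl_enabled: bool = True) -> int:
    """Behaviour described in the issue: with ACL enabled, an unauthenticated
    request is rejected by the ACL check and gets 403; only with ACL disabled
    does the auth plugin's 401 reach the client."""
    consumer = key_auth(req)
    if acl_enabled:
        if consumer is None or not acl_allows(consumer, allowed_groups):
            return 403
        return 200
    return 401 if consumer is None else 200


def expected_behaviour(req: Request, allowed_groups: Iterable[str],
                       acl_enabled: bool = True) -> int:
    """Proposed behaviour: the authentication result is decided first.

    401 -> no usable credential, regardless of the ACL plugin.
    403 -> authenticated consumer, but not in any allowed group.
    200 -> authenticated and allowed.
    """
    consumer = key_auth(req)
    if consumer is None:
        return 401
    if acl_enabled and not acl_allows(consumer, allowed_groups):
        return 403
    return 200


if __name__ == "__main__":
    allowed = ["admins"]
    for label, req in [("no credential", Request("/svc")),
                       ("bob (users)", Request("/svc", {"apikey": "key-bob"})),
                       ("alice (admins)", Request("/svc", {"apikey": "key-alice"}))]:
        print(f"{label:16} reported={reported_behaviour(req, allowed)} "
              f"expected={expected_behaviour(req, allowed)}")
```

The difference is only visible for the unauthenticated case: both models return 403 for bob and 200 for alice, but a request with no key gets 403 from the reported ordering and 401 from the proposed one. From a client's point of view the 401 is the actionable answer, since it says that presenting a credential could change the outcome.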

All 2 comments

@odelvalle I like your proposal. PR is welcomed! I will also add card to our backlog.

Fixed with #5440.
