Browse Source
When no (supported) authentication is passed to the JSON-RPC server, return a 401 HTTP error code instead of 403. This indicates to the client that authentication is required, and also requests that to be sent using the "basic" method. The previously-returned code 403 is now only returned if authentication is passed but not valid. There are some JSON-RPC clients out there that only send authentication after a 401 code requested it. Those fail to connect to the Electrum RPC interface even if the correct password is configured. Those same clients can e.g. connect to Bitcoin Core successfully, which already implements logic matching this change. See also https://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses.hard-fail-on-bad-server-string
Daniel Kraft
5 years ago
1 changed files with 13 additions and 4 deletions
Loading…
Reference in new issue