minor #35606 [Security] Replace 403 with 401 in `onAuthenticationFailure` method (alanpoulain)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Replace 403 with 401 in `onAuthenticationFailure` method

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | N/A
| License       | MIT
| Doc PR        | N/A

This comment in `onAuthenticationFailure` was misleading since a 401 status code should probably be returned instead of a 403.

Commits
-------

73bc793 Replace 403 with 401 in onAuthenticationFailure method
nicolas-grekas committed Feb 5, 2020
2 parents c2e0aab + 73bc793 commit adacae6
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -107,7 +107,7 @@ public function createAuthenticatedToken(UserInterface $user, $providerKey);
* Called when authentication executed, but failed (e.g. wrong username password).
*
* This should return the Response sent back to the user, like a
* RedirectResponse to the login page or a 403 response.
* RedirectResponse to the login page or a 401 response.
*
* If you return null, the request will continue, but the user will
* not be authenticated. This is probably not what you want to do.
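
Review bot: the context line "(e.g. wrong username password)" at the top of this docblock is missing a conjunction and should read "wrong username or password"; since the comment is already being edited, fix it in the same change. On the changed line, "a 401 response" matches a failed authentication attempt, but the docblock could also note that a 401 is expected to carry a `WWW-Authenticate` header (RFC 7235), so that implementers who build the response by hand return a valid one.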