Browser receives HTTP 403 Forbidden, however webapp returns an HTTP 401

  • Question

  • Hi All,
    There seems to be something odd with the proxying of error responses back to the browser.

    The simplest example is when logging into our Reverse Proxied Web Application, if you deliberately enter an incorrect password, the browser receives an HTTP 403 Forbidden response, however the web application actually returns an HTTP 401 Unauthorized response. As such, the payload with this response is not returned to the browser and the application does not display the correct error message.
    Can anyone advise if the proxy may be intercepting the 401 response and replacing it with a 403 response?

    Thanks!

    Wednesday, March 11, 2020 12:59 AM
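
One way to test for the behaviour asked about above, as an added example that is not part of the original post: request the same path directly from the application and through the proxy, then compare status code and body. `App` and `RewritingProxy` are constructed stand-ins (the page does not name the real proxy), and the `/login` path and payload are assumptions.

```python
import threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

BODY = b'{"error":"invalid credentials"}'  # constructed sample payload
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

def fetch(url):
    """Return (status, body) without raising on 4xx/5xx responses."""
    try:
        with OPENER.open(url, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

class Base(BaseHTTPRequestHandler):
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # no per-request logging

class App(Base):
    """Stand-in web application: a failed login gets 401 plus an error payload."""
    def do_GET(self):
        self.reply(401, BODY)

class RewritingProxy(Base):
    """Hypothetical proxy reproducing the symptom: 401 becomes an empty 403."""
    upstream = ""
    def do_GET(self):
        status, body = fetch(self.upstream + self.path)
        if status == 401:  # the rewrite being tested for
            status, body = 403, b""
        self.reply(status, body)

def serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)  # port 0 = any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"

def compare(direct_url, proxied_url):
    """Fetch the same path both ways and report what the proxy changed."""
    (ds, db), (ps, pb) = fetch(direct_url), fetch(proxied_url)
    return {"direct": ds, "proxied": ps, "status_rewritten": ds != ps,
            "body_dropped": bool(db) and not pb}

def demo():
    RewritingProxy.upstream = app_url = serve(App)
    return compare(app_url + "/login", serve(RewritingProxy) + "/login")
```

Calling `compare` with the real backend URL and the published proxy URL gives the same report for a live deployment; `status_rewritten` together with `body_dropped` indicates the proxy, not the application, produced the 403.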