[BUGFIX] Use 403 header instead of 401 header

The usage of a 401 header must be accompanied by a valid
www-authenticate header, which does not support form-based logins.

Resolves: #85411
Releases: master, 8.7
Change-Id: I71062c58a7d846214f1fec41e78cce4ae72955f3
Reviewed-on: https://review.typo3.org/58244
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>

diff --git a/typo3/sysext/core/Classes/Resource/Hook/FileDumpEIDHookInterface.php b/typo3/sysext/core/Classes/Resource/Hook/FileDumpEIDHookInterface.php
index 7bd301e..268c457 100644 (file)
--- a/typo3/sysext/core/Classes/Resource/Hook/FileDumpEIDHookInterface.php
+++ b/typo3/sysext/core/Classes/Resource/Hook/FileDumpEIDHookInterface.php
@@ -23,7 +23,8 @@ interface FileDumpEIDHookInterface
     /**
      * Perform custom security/access when accessing file
      * Method should issue 403 if access is rejected
-     * or 401 if authentication is required
+     * or 401 if authentication is required via an authorized HTTP authorization scheme.
+     * A 401 header must be accompanied by a www-authenticate header!
      *
      * @param \TYPO3\CMS\Core\Resource\ResourceInterface $file
      */