Prevent 401 on main admin page #1601

Closed
opened 2026-04-06 02:03:26 +02:00 by MrUnknownDE · 0 comments

Originally created by @BlackDex on 5/25/2023

When you are not logged in, and have no cookie etc., we always returned a 401. This was mainly to allow the login page on all the sub pages, and after login being redirected to the requested page. For these pages a 401 is a valid response, since you do not have access.

But for the main `/admin` page, it should just respond with a `200` and show the login page.

This PR fixes this flow and response. It should prevent people using Fail2ban, or other tools being triggered by only accessing the login page.

Resolves #3540
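
The status behaviour described in the PR text above, paired with a Fail2ban-style counter, as an added example that is not code from this PR or from vaultwarden. The function names, the sub-page path, the retry threshold and the sample traffic are all constructed for illustration.

```rust
use std::collections::HashMap;

// Hypothetical model of the status code for a request under /admin.
// `fixed == false` models the behaviour before this PR, `true` the behaviour after it.
fn admin_status(path: &str, authenticated: bool, fixed: bool) -> u16 {
    if authenticated {
        return 200;
    }
    if fixed && path == "/admin" {
        200 // main admin page: login page shown without an error status
    } else {
        401 // login page shown, but the requested page is not accessible
    }
}

// Fail2ban-style counting: clients whose number of 401 responses reaches `max_retry`.
fn banned_clients(requests: &[(&str, &str, bool)], fixed: bool, max_retry: u32) -> Vec<String> {
    let mut failures: HashMap<&str, u32> = HashMap::new();
    for &(ip, path, authenticated) in requests {
        if admin_status(path, authenticated, fixed) == 401 {
            *failures.entry(ip).or_insert(0) += 1;
        }
    }
    let mut banned: Vec<String> = failures
        .into_iter()
        .filter(|&(_, n)| n >= max_retry)
        .map(|(ip, _)| ip.to_string())
        .collect();
    banned.sort();
    banned
}

// Constructed sample traffic: (client IP, path, has a valid admin session).
const SAMPLE: &[(&str, &str, bool)] = &[
    ("192.0.2.10", "/admin", false), // admin opens the login page three times
    ("192.0.2.10", "/admin", false),
    ("192.0.2.10", "/admin", false),
    ("198.51.100.7", "/admin/some/sub/page", false), // sub page, no session
    ("198.51.100.7", "/admin/some/sub/page", false),
    ("198.51.100.7", "/admin/some/sub/page", false),
    ("192.0.2.10", "/admin/some/sub/page", true), // same admin after logging in
];

fn main() {
    println!("banned before the change: {:?}", banned_clients(SAMPLE, false, 3));
    println!("banned after the change:  {:?}", banned_clients(SAMPLE, true, 3));
}
```

With the old behaviour the client that only opened the login page reaches the threshold; with the new behaviour only unauthenticated sub-page requests are counted.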

Reference: github/vaultwarden#1601