@@ -574,9 +574,6 @@ http {
574574 # Internal location for custom 401 response
575575 location @basic_auth_failure {
576576 add_header WWW-Authenticate 'Basic realm="Restricted"' always;
577- add_header Content-Type "text/plain; charset=utf-8" always;
578- add_header X-Content-Type-Options "nosniff" always;
579- add_header Cache-Control "no-store" always;
580577 return 401 'Unauthorized';
581578 }
582579 }
@@ -754,9 +751,6 @@ http {
754751 # Internal location for custom 401 response
755752 location @jwt_auth_failure {
756753 add_header WWW-Authenticate 'Bearer realm="Restricted", error="insufficient_scope"' always;
757- add_header Content-Type "text/plain; charset=utf-8" always;
758- add_header X-Content-Type-Options "nosniff" always;
759- add_header Cache-Control "no-store" always;
760754 return 403 'Forbidden';
761755 }
762756 }
@@ -846,9 +840,6 @@ http {
846840 # Internal location for custom 401 response
847841 location @jwt_auth_failure {
848842 add_header WWW-Authenticate 'Bearer realm="Restricted", error="invalid_token"' always;
849- add_header Content-Type "text/plain; charset=utf-8" always;
850- add_header X-Content-Type-Options "nosniff" always;
851- add_header Cache-Control "no-store" always;
852843 return 401 'Unauthorized';
853844 }
854845 }
@@ -1061,10 +1052,10 @@ Users should be advised to regularly rotate their JWKS keys in cases where they
10611052
10621053401 and 403 should be the only allowable auth failure codes.
10631054
1064- # ## Auth failure default headers
1055+ # ## Optional headers
10651056
1066- Below are a list of default defensive headers for authentication failure reponses .
1067- We may choose to include these headers by default for improved robustness in auth failure responses .
1057+ Below are a list of optional defensive headers that user's may choose to include .
1058+ In certain scenarios, these headers may be deployed to improve overall security from client reponses .
10681059
10691060` ` ` nginx
10701061add_header Content-Type "text/plain; charset=utf-8" always;