+1 all around, except I'd rather not change the status codes from 401 -> 400 in essex & folsom, even though 400 is obviously more appropriate. I'd prefer to change it in grizzly, but perhaps that change would be more appropriate as a public followup to this security fix. I'm happy to see the message argument removed from those exceptions, however.
+1 all around, except I'd rather not change the status codes from 401 -> 400 in essex & folsom, even though 400 is obviously more appropriate. I'd prefer to change it in grizzly, but perhaps that change would be more appropriate as a public followup to this security fix. I'm happy to see the message argument removed from those exceptions, however.