I'm adopting HFS template to use on mobile browser and encountered some strange quirk.
Some browsers consider path during authentication, so if you authenticate at
http://server/some/folder/~login you become logged in for
http://server/some/folder/ and deeper. But if after authentication you go to
http://server/some/ or
http://server/some/other/folder you suddenly discover that browser does not send "Authorization" header anymore. Usually it is not problem, as by default you log in at root folder, i.e. at
http://server/~login and hence become logged in for the whole HFS tree. But unfortunately Android browser considers "~login" part as folder, so when after successful authentication you are redirected back to root folder you become unauthorized again. So you are effectively unable to login.
So either you have to restrict access to whole site and thus making anonymous access impossible.
Another solution, which is not available yet, would be to modify HTTP response code within template and switch to corresponding error section like [not found] [overload] [deny] etc.
For example, within template I could inspect protocol (http, https), cookie or any other condition, and then require user authentication accordingly by setting HTTP code to "401 Unauthorized".
Something like
[]
{.if not|{.header|Authorization.}| {: {.http-error|401.} :} .}
<!DOCTYPE...In this example HFS would set HTTP code to 401 and jumps to [unauthorized] section.
This macro can have optional parameter "no-switch"
{.http-error|401|no-switch.}and in this case HFS just updates error code, but continues to process template normally, i.e. to <!DOCTYPE... and so on.
{.http-error|200|no-switch.}is great example of doing nothing
