If authorization fails, according to the Silex SecurityProvider rules, then Symfony\Component\Security\Http\Firewall\AccessListener::handle throws a Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException with the message "A Token was not found in the SecurityContext." This message is improperly being set as the HTTP status message.
For example, in making this request of a resource requiring HTTP Basic Auth authorization:
I receive this response:
However, I expect to see this status message, instead:
Otherwise, the security rules apply properly if providing the correct Authorization header.
Here's a simple index.php script that reproduces this issue: