From 428cd95a5c0600f2262a7bcd49c3882068215438 Mon Sep 17 00:00:00 2001
From: "ian.jones" <ian.jones@asos.com>
Date: Mon, 11 Nov 2019 14:30:53 +0000
Subject: [PATCH 1/2] fix owin overriding status codes

---
 src/Sitecore.Ship.AspNet/BaseHttpHandler.cs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs b/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
index 06d553c..a59c0fd 100644
--- a/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
+++ b/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
@@ -36,7 +36,9 @@ public void ProcessRequest(HttpContext context)
         {
             if (!_authoriser.IsAllowed())
             {
+                context.Response.SuppressFormsAuthenticationRedirect = true;
                 context.Response.StatusCode = (int) HttpStatusCode.Unauthorized;
+                context.Response.End();
                 return;
             }
 

From d9def023b382b371b6d44b83e31a16b460016ae3 Mon Sep 17 00:00:00 2001
From: "ian.jones" <ian.jones@asos.com>
Date: Mon, 11 Nov 2019 15:13:26 +0000
Subject: [PATCH 2/2] change from 401 to 404 to avoid owin overriding status
 code

---
 src/Sitecore.Ship.AspNet/BaseHttpHandler.cs | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs b/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
index a59c0fd..53367d6 100644
--- a/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
+++ b/src/Sitecore.Ship.AspNet/BaseHttpHandler.cs
@@ -36,9 +36,7 @@ public void ProcessRequest(HttpContext context)
         {
             if (!_authoriser.IsAllowed())
             {
-                context.Response.SuppressFormsAuthenticationRedirect = true;
-                context.Response.StatusCode = (int) HttpStatusCode.Unauthorized;
-                context.Response.End();
+                context.Response.StatusCode = (int) HttpStatusCode.NotFound;
                 return;
             }