9e6ef6f237
According to rfc2616[1], the response from a server to a request with bad credentials should be a 401 instead of a 403. Grin does not have the concept of identities so it does not actually recognize a user request with bad credentials. [1] https://tools.ietf.org/html/rfc2616#section-10.4.2