From 752f28d699e2ee79e962cd31ae06923c7a87aec0 Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Wed, 20 Sep 2023 10:26:54 +0800
Subject: [PATCH] :art: Improve auth failed tip for browser access on non
 `127.0.0.1` https://github.com/siyuan-note/siyuan/issues/9224

---
 kernel/model/session.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/model/session.go b/kernel/model/session.go
index 04dbd9ccc..87bcae012 100644
--- a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -165,7 +165,7 @@ func CheckAuth(c *gin.Context) {
 			u, parseErr := url.Parse(origin)
 			if nil != parseErr {
 				logging.LogWarnf("parse origin [%s] failed: %s", origin, parseErr)
-				c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
+				c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed: parse req header [Origin] failed"})
 				c.Abort()
 				return
 
@@ -177,7 +177,7 @@ func CheckAuth(c *gin.Context) {
 			}
 
 			if !strings.HasPrefix(u.Host, util.LocalHost) && !strings.HasPrefix(u.Host, "[::1]") {
-				c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
+				c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed: for security reasons, please set [Access authorization code] when using non-127.0.0.1 access\n\n为安全起见，使用非 127.0.0.1 访问时请设置 [访问授权码]"})
 				c.Abort()
 				return
 			}