Nextcloud version (eg, 20.0.5): 29.0.0.19
Operating system and version (eg, Ubuntu 20.04): debian bookworm, docker
Apache or nginx version (eg, Apache 2.4.25): nginx 1.26
PHP version (eg, 7.4): 8.2.19
2FA enabled.
I was wondering why entering a faulty password or non existent username results in a http redirect 303 and not 401?
Can you post more details e.g. the full URL including get parameter? You can find it in browser dev tools press F12 and then network analysis.
First of all, I’m not an expert, but my instance does the same thing and I think this is by design and not a bug.
As for your actual question about why 303 is used instead of 401, the following thread on Stack Overflow may provide some insight: https://stackoverflow.com/questions/2839585/what-is-correct-http-status-code-when-redirecting-to-a-login-page