Fixed "broken access control" (it hid configuration files, but it returned 200 OK instead of 403 Forbidden)

index.js

@@ -594,13 +594,27 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
       });
     } else if ((href == "/redbrick-interpreters.json" || href == "/redbrick-scriptexts.json" || (os.platform() == "win32" && (href.toLowerCase() == "/redbrick-interpreters.json" || href.toLowerCase() == "/redbrick-scriptexts.json"))) && path.normalize(__dirname + "/../../..") == process.cwd()) {
       if (!callServerError) {
-        res.writeHead(200, "OK", {
+        res.writeHead(403, "Forbidden", {
-          "Content-Type": "application/json",
+          "Content-Type": "text/html",
           "Server": "RedBrick/" + version
         });
+        res.write(
+            "<html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have access to specific page.</p><p style=\"font-style: italic; font-weight: normal;\">SVR.JS " +
+                    configJSON.version +
+                    " (" +
+                    os.platform()[0].toUpperCase() +
+                    os.platform().slice(1) +
+                    "; Node.JS/" +
+                    process.version +
+                    ") RedBrick/" +
+                    version +
+                    " " +
+                    (req.headers.host == undefined ? "" : " on " + req.headers.host) +
+                    "</p></body></html>"
+            );
         res.end(JSON.stringify(exttointerpreteruser, null, 2));
       } else {
-        callServerError(200, "RedBrick/" + version, exttointerpreteruser);
+        callServerError(403, "RedBrick/" + version);
       }
     } else {
       elseCallback();