Respond with HTTP status code 403 when an XHR requires authentication

refs #8626
Eric Lippmann 2015-03-11 22:32:04 +01:00
parent 0806ab3ec9
commit 2f752ed1ac
1 changed files with 3 additions and 0 deletions


@ -299,6 +299,8 @@ class ActionController extends Zend_Controller_Action
* if it's an auto-refresh request or to redirect to the URL which required login if it's not an auto-refreshing * if it's an auto-refresh request or to redirect to the URL which required login if it's not an auto-refreshing
* one. * one.
* *
* XHR will respond with HTTP status code 403 Forbidden.
*
* @param Url|string $redirect URL to redirect to after successful login * @param Url|string $redirect URL to redirect to after successful login
*/ */
protected function redirectToLogin($redirect = null) protected function redirectToLogin($redirect = null)
@ -306,6 +308,7 @@ class ActionController extends Zend_Controller_Action
$login = Url::fromPath('authentication/login'); $login = Url::fromPath('authentication/login');
if ($this->isXhr()) { if ($this->isXhr()) {
$login->setParam('redirect', '__SELF__'); $login->setParam('redirect', '__SELF__');
$this->_response->setHttpResponseCode(403);
} elseif ($redirect !== null) { } elseif ($redirect !== null) {
if (! $redirect instanceof Url) { if (! $redirect instanceof Url) {
$redirect = Url::fromPath($redirect); $redirect = Url::fromPath($redirect);
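Review bot: The 403 set inside the `isXhr()` branch signals "login required", which an XHR client cannot tell apart from a genuine permission denial if other code paths also answer 403 (not visible here). 401 is the status defined for missing authentication, though it requires a `WWW-Authenticate` header. If 403 is deliberate, the reason belongs in a comment above the call, e.g. `// 403, not 401: no WWW-Authenticate challenge is sent to XHR clients`. redirectToLogin's body continues past the hunk, so it is worth confirming that the redirect issued later in the function does not reset the response code after this line.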