author | Go MAEDA <maeda@farend.jp> | 2019-04-10 02:51:28 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2019-04-10 02:51:28 +0000 |
commit | 6ef0a4c4cc4020150393d2a553f1b41d9fe3f38f (patch) | |
tree | 315735b8b033ebef35855ac0a13527d8154ff129 /app/controllers/application_controller.rb | |
parent | 7cf16d4abd3efde6444366d2ae9cebdb21c13713 (diff) | |
Use HTTP status code 403 instead of 401 when REST API is disabled (#30086).
Patch by Yuichi HARADA.
git-svn-id: http://svn.redmine.org/redmine/trunk@18055 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bf660c50b..54f1e63d7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -231,9 +231,14 @@ class ApplicationController < ActionController::Base
 format.any(:atom, :pdf, :csv) {
 redirect_to signin_path(:back_url => url)
 }
- format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
+ format.api {
+ if Setting.rest_api_enabled? && accept_api_auth?
+ head(:unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"')
+ else
+ head(:forbidden)
+ end
+ }
 format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
- format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
 format.any { head :unauthorized }
 end
 return false |
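Review bot: The `format.js` branch left as context directly below the new `format.api` block still sends `'WWW-Authenticate' => 'Basic realm="Redmine API"'` unconditionally, so a .js request receives a Basic challenge even when `Setting.rest_api_enabled?` is false, which is the case this commit turns into 403 for the API formats. If Basic or API-key credentials are only honoured under that same condition (the credential lookup is outside this hunk, so this is an assumption to confirm), the challenge asks the user for a password that can never be accepted; consider computing `api_auth = Setting.rest_api_enabled? && accept_api_auth?` once before the format block and using it in both branches. A one-line comment on the else arm, such as `# API disabled or action does not accept API auth: credentials cannot help, so answer 403 instead of a 401 challenge`, would record why the two statuses differ. The enclosing method starts and ends outside the hunk.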