authorGo MAEDA <maeda@farend.jp>2019-04-10 02:51:28 +0000
committerGo MAEDA <maeda@farend.jp>2019-04-10 02:51:28 +0000
commit6ef0a4c4cc4020150393d2a553f1b41d9fe3f38f (patch)
tree315735b8b033ebef35855ac0a13527d8154ff129 /app/controllers/application_controller.rb
parent7cf16d4abd3efde6444366d2ae9cebdb21c13713 (diff)
Use HTTP status code 403 instead of 401 when REST API is disabled (#30086).
Patch by Yuichi HARADA. git-svn-id: http://svn.redmine.org/redmine/trunk@18055 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb9
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bf660c50b..54f1e63d7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -231,9 +231,14 @@ class ApplicationController < ActionController::Base
format.any(:atom, :pdf, :csv) {
redirect_to signin_path(:back_url => url)
}
- format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
+ format.api {
+ if Setting.rest_api_enabled? && accept_api_auth?
+ head(:unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"')
+ else
+ head(:forbidden)
+ end
+ }
format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
- format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
format.any { head :unauthorized }
end
return false
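Review bot: The `format.js` line kept as context still sends `'WWW-Authenticate' => 'Basic realm="Redmine API"'` unconditionally, so with the REST API disabled a JS request is still challenged for credentials that the new `format.api` branch treats as unusable. If that challenge is not needed for JS requests, guard it with the same `Setting.rest_api_enabled? && accept_api_auth?` test or reduce it to `format.js { head :unauthorized }`. The new 403 has an empty body and the branch has no comment, so I would add `# 401 + Basic challenge only when API auth can succeed; otherwise 403 so clients do not retry with credentials` above the `if`. Note that an unauthenticated caller can now tell from 401 versus 403 whether the REST API is enabled, which is presumably acceptable but worth stating in the comment. The enclosing method starts and ends outside this hunk.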