Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http redirect for forbidden guest access #476

Closed
plegall opened this issue May 4, 2016 · 4 comments

Comments

Projects
None yet
2 participants
@plegall
Copy link
Member

commented May 4, 2016

If $conf['guest_access'] is false, we'd better perform an http redirect and not an html redirect.

@plegall plegall self-assigned this May 4, 2016

@plegall plegall added this to the 2.8.2 milestone May 4, 2016

@plegall plegall added the Type: Bug label May 30, 2016

@plegall plegall closed this May 30, 2016

@modus75

This comment has been minimized.

Copy link
Contributor

commented May 30, 2016

@plegall, Can you try this on as many browsers as possible ? I'm not sure all browsers follow the http header redirects if status code is 401 (the http protocol specify it for 3xx status codes but not for 401)

@plegall

This comment has been minimized.

Copy link
Member Author

commented May 30, 2016

@modus75 you're right. I even think that the HTTP code automatically becomes 302 when redirecting. You can't have a redirect and code 401, it is not logical.

So I propose to set_status_header(401) only when we do no redirect (the first case of access_denied). Do you agree?

@plegall plegall reopened this May 30, 2016

@modus75

This comment has been minimized.

Copy link
Contributor

commented May 30, 2016

It's ok with me (because I don't use this case), but it's somehow strange to redirect in case of authorization error...

@plegall

This comment has been minimized.

Copy link
Member Author

commented May 30, 2016

the idea behind guest_access=false is to force connection. Whatever the page the visitor tries to open, he is redirected to identification.php as long as he is not connected. Including the home page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.