
Don't set Location headers when failing ajax requests.

Setting a location header and 403 status codes causes infinite loops
when AuthComponent is set to protect `/`.

Refs #6880
markstory committed Jun 28, 2015
1 parent 7d7b787 commit 802020227034f5a86b225ed68b2f786396f34a4f
@@ -364,7 +364,8 @@ protected function _unauthenticated(Controller $controller)
$response->statusCode(403);
return $response;
}
return $controller->redirect(null, 403);
$this->response->statusCode(403);
return $this->response;
}
/**
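Review bot: The new fallback at the end of `_unauthenticated()` carries no comment explaining why it deliberately avoids `$controller->redirect()`, so a later cleanup could reintroduce the Location header and the loop described in the commit message. I would add, above `$this->response->statusCode(403);`, a line such as `// Bare 403 without a Location header: redirecting here loops when '/' is itself protected (refs #6880).` The branch just above returns the response produced by `$controller->render()`, while this one returns the component's own `$this->response`; if those can be different objects, anything already set on the controller's response would not reach the client, which is worth confirming. The function starts outside the hunk, so the earlier branches are not visible here.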
@@ -973,6 +973,28 @@ public function testAjaxLogin()
);
}
/**
* test ajax unauthenticated
*
* @return void
* @triggers Controller.startup $this->Controller
*/
public function testAjaxUnauthenticated()
{
$this->Controller->request = new Request([
'url' => '/ajax_auth/add',
'environment' => ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
]);
$this->Controller->request->params['action'] = 'add';
$event = new Event('Controller.startup', $this->Controller);
$response = $this->Auth->startup($event);
$this->assertTrue($event->isStopped());
$this->assertEquals(403, $response->statusCode());
$this->assertArrayNotHasKey('Location', $response->header());
}
/**
* testLoginActionRedirect method
*
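Review bot: `testAjaxUnauthenticated()` reaches the new bare-403 fallback only because `ajaxLogin` is presumably left unconfigured by the test setup, which is outside this hunk, and nothing in the test says so. A comment before the `startup()` call, e.g. `// ajaxLogin is intentionally not configured, so the bare 403 fallback is exercised`, would keep the test from silently covering a different branch if the setup changes. The `assertArrayNotHasKey('Location', $response->header())` check is also case-sensitive, so it would still pass if the header were ever stored under the key `location`; asserting against lower-cased header names would make this regression guard tighter.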
