From e574dcc66361c20da83e3fc8a7666c81115ab157 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Mon, 30 Jan 2017 10:51:54 +0100
Subject: [PATCH] (mvc) fix http status codes, closes https://github.com/opnsense/core/issues/1358
---
 .../mvc/app/controllers/OPNsense/Base/ApiControllerBase.php | 2 ++
 .../mvc/app/controllers/OPNsense/Base/ControllerBase.php | 1 +
 2 files changed, 3 insertions(+)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
index a4e4dca49..e5fc4b8c2 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
@@ -171,6 +171,7 @@ class ApiControllerBase extends ControllerRoot
 // handle UI ajax requests
 // use session data and ACL to validate request.
 if (!$this->doAuth()) {
+ $this->response->setStatusCode(401, "Unauthorized");
 return false;
 }
@@ -185,6 +186,7 @@ class ApiControllerBase extends ControllerRoot
 ) {
 // missing csrf, exit.
 $this->getLogger()->error("no matching csrf found for request");
+ $this->response->setStatusCode(403, "Forbidden");
 return false;
 }
 }
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
index 83dd02571..5ed13b256 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
@@ -179,6 +179,7 @@ class ControllerBase extends ControllerRoot
 // check for valid csrf on post requests
 if ($this->request->isPost() && !$this->security->checkToken()) {
 // post without csrf, exit.
+ $this->response->setStatusCode(403, "Forbidden");
 return false;
 }
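Review bot: In ApiControllerBase.php (hunk at -171), 401 is returned for every `doAuth()` failure, yet the comment directly above says `doAuth()` validates both session data and ACL. If `doAuth()` also returns false when an authenticated user is denied by ACL (its body is not in this patch), that case would be better reported as 403, so clients and log review can tell a missing session from a denied privilege. Until the two outcomes are separated, I would add a comment such as `// doAuth() fails for both missing session and ACL denial; 401 covers both for now`. The enclosing method starts and ends outside the hunk.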
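Review bot: In ControllerBase.php the CSRF rejection now answers 403 but leaves no trace, whereas the matching branch in ApiControllerBase.php logs `no matching csrf found for request` before returning. A rejected token on a POST is worth recording for detection. If `getLogger()` is available here as well (presumably inherited from ControllerRoot, which is not shown), add `$this->getLogger()->error("no matching csrf found for request");` ahead of the `setStatusCode` call. The enclosing method continues outside the hunk.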