|
 |
5b8408 |
From 7f5666375a3351e9c37589456b6fb3c92ef987c0 Mon Sep 17 00:00:00 2001
|
|
|
5b8408 |
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
|
|
|
5b8408 |
Date: Sat, 4 Aug 2018 08:55:33 +0200
|
|
|
5b8408 |
Subject: [PATCH 09/11] don't return content with 503; see #331
|
|
|
5b8408 |
|
|
|
5b8408 |
since it turns the HTTP 503 status code into a 200 which we don't prefer
|
|
|
5b8408 |
for XHR clients; users will see Apache specific readable text
|
|
|
5b8408 |
|
|
|
5b8408 |
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
|
|
|
5b8408 |
(cherry picked from commit 9e98f1a042fa14d6b0892638a0d87c2b951837b6)
|
|
|
5b8408 |
---
|
|
|
5b8408 |
ChangeLog | 4 +++-
|
|
|
5b8408 |
src/mod_auth_openidc.c | 8 ++++++++
|
|
|
5b8408 |
2 files changed, 11 insertions(+), 1 deletion(-)
|
|
|
5b8408 |
|
|
|
5b8408 |
diff --git a/ChangeLog b/ChangeLog
|
|
|
5b8408 |
index 27f45be..dfe4bd6 100644
|
|
|
5b8408 |
--- a/ChangeLog
|
|
|
5b8408 |
+++ b/ChangeLog
|
|
|
5b8408 |
@@ -1,8 +1,10 @@
|
|
|
5b8408 |
+08/04/2018
|
|
|
5b8408 |
+- don't return content with 503 since it will turn the HTTP status code into a 200; see #331
|
|
|
5b8408 |
|
|
|
5b8408 |
08/03/2018
|
|
|
5b8408 |
- add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies; see #331
|
|
|
5b8408 |
- make the default maximum number of parallel state cookies 7 instead of unlimited; see #331
|
|
|
5b8408 |
-- bump o 2.3.8rc1
|
|
|
5b8408 |
+- bump to 2.3.8rc1
|
|
|
5b8408 |
|
|
|
5b8408 |
07/06/2018
|
|
|
5b8408 |
- abort when string length for remote user name substitution is larger than 255 characters
|
|
|
5b8408 |
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
|
|
|
5b8408 |
index c0f65c6..e3817a9 100644
|
|
|
5b8408 |
--- a/src/mod_auth_openidc.c
|
|
|
5b8408 |
+++ b/src/mod_auth_openidc.c
|
|
|
5b8408 |
@@ -833,12 +833,20 @@ static int oidc_authorization_request_set_cookie(request_rec *r,
|
|
|
5b8408 |
* XHR client handle this?
|
|
|
5b8408 |
*/
|
|
|
5b8408 |
|
|
|
5b8408 |
+ /*
|
|
|
5b8408 |
+ * it appears that sending content with a 503 turns the HTTP status code
|
|
|
5b8408 |
+ * into a 200 so we'll avoid that for now: the user will see Apache specific
|
|
|
5b8408 |
+ * readable text anyway
|
|
|
5b8408 |
+ *
|
|
|
5b8408 |
return oidc_util_html_send_error(r, c->error_template,
|
|
|
5b8408 |
"Too Many Outstanding Requests",
|
|
|
5b8408 |
apr_psprintf(r->pool,
|
|
|
5b8408 |
"No authentication request could be generated since there are too many outstanding authentication requests already; you may have to wait up to %d seconds to be able to create a new request",
|
|
|
5b8408 |
c->state_timeout),
|
|
|
5b8408 |
HTTP_SERVICE_UNAVAILABLE);
|
|
|
5b8408 |
+ */
|
|
|
5b8408 |
+
|
|
|
5b8408 |
+ return HTTP_SERVICE_UNAVAILABLE;
|
|
|
5b8408 |
}
|
|
|
5b8408 |
|
|
|
5b8408 |
/* assemble the cookie name for the state cookie */
|
|
|
5b8408 |
--
|
|
|
5b8408 |
2.26.2
|
|
|
5b8408 |
|