rpms / mod_auth_openidc

Clone
Source Code
GIT

Files

  1.   569f44ed8db0bf846e24f0f9b739743e22a6af39
  2.   SOURCES
  3.   0009-don-t-return-content-with-503-see-331.patch
Blob Blame History Raw 
From 7f5666375a3351e9c37589456b6fb3c92ef987c0 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Sat, 4 Aug 2018 08:55:33 +0200
Subject: [PATCH 09/11] don't return content with 503; see #331

since it turns the HTTP 503 status code into a 200 which we don't prefer
for XHR clients; users will see Apache specific readable text

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
(cherry picked from commit 9e98f1a042fa14d6b0892638a0d87c2b951837b6)
---
 ChangeLog              | 4 +++-
 src/mod_auth_openidc.c | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 27f45be..dfe4bd6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,10 @@
+08/04/2018
+- don't return content with 503 since it will turn the HTTP status code into a 200; see #331
 
 08/03/2018
 - add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies; see #331
 - make the default maximum number of parallel state cookies 7 instead of unlimited; see #331
-- bump o 2.3.8rc1
+- bump to 2.3.8rc1
 
 07/06/2018
 - abort when string length for remote user name substitution is larger than 255 characters
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
index c0f65c6..e3817a9 100644
--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -833,12 +833,20 @@ static int oidc_authorization_request_set_cookie(request_rec *r,
 		 * XHR client handle this?
 		 */
 
+		/*
+		 * it appears that sending content with a 503 turns the HTTP status code
+		 * into a 200 so we'll avoid that for now: the user will see Apache specific
+		 * readable text anyway
+		 *
 		return oidc_util_html_send_error(r, c->error_template,
 				"Too Many Outstanding Requests",
 				apr_psprintf(r->pool,
 						"No authentication request could be generated since there are too many outstanding authentication requests already; you may have to wait up to %d seconds to be able to create a new request",
 						c->state_timeout),
 						HTTP_SERVICE_UNAVAILABLE);
+		*/
+
+		return HTTP_SERVICE_UNAVAILABLE;
 	}
 
 	/* assemble the cookie name for the state cookie */
-- 
2.26.2

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation