From 7f5666375a3351e9c37589456b6fb3c92ef987c0 Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Sat, 4 Aug 2018 08:55:33 +0200 Subject: [PATCH 09/11] don't return content with 503; see #331 since it turns the HTTP 503 status code into a 200 which we don't prefer for XHR clients; users will see Apache specific readable text Signed-off-by: Hans Zandbelt (cherry picked from commit 9e98f1a042fa14d6b0892638a0d87c2b951837b6) --- ChangeLog | 4 +++- src/mod_auth_openidc.c | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 27f45be..dfe4bd6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,10 @@ +08/04/2018 +- don't return content with 503 since it will turn the HTTP status code into a 200; see #331 08/03/2018 - add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies; see #331 - make the default maximum number of parallel state cookies 7 instead of unlimited; see #331 -- bump o 2.3.8rc1 +- bump to 2.3.8rc1 07/06/2018 - abort when string length for remote user name substitution is larger than 255 characters diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c index c0f65c6..e3817a9 100644 --- a/src/mod_auth_openidc.c +++ b/src/mod_auth_openidc.c 
@@ -833,12 +833,20 @@ static int oidc_authorization_request_set_cookie(request_rec *r, * XHR client handle this? */ + /* + * it appears that sending content with a 503 turns the HTTP status code + * into a 200 so we'll avoid that for now: the user will see Apache specific + * readable text anyway + * return oidc_util_html_send_error(r, c->error_template, "Too Many Outstanding Requests", apr_psprintf(r->pool, "No authentication request could be generated since there are too many outstanding authentication requests already; you may have to wait up to %d seconds to be able to create a new request", c->state_timeout), HTTP_SERVICE_UNAVAILABLE); + */ + + return HTTP_SERVICE_UNAVAILABLE; } /* assemble the cookie name for the state cookie */ -- 2.26.2
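Review bot: The bare `return HTTP_SERVICE_UNAVAILABLE;` drops the only hint the old response gave about how long to back off (`c->state_timeout` seconds), so an XHR client that hits the outstanding-request limit has nothing to schedule a retry on. Since it is the body content that appears to rewrite the status, a header should not be affected: `apr_table_set(r->err_headers_out, "Retry-After", apr_psprintf(r->pool, "%d", c->state_timeout));` just before the return. The disabled `oidc_util_html_send_error(...)` call is also left inside the new block comment, where it reads as part of the prose; I would delete it and keep only the explanation with a `see #331` reference, since history already holds the old call. The comment says "it appears", so the status rewrite is presumably in the helper rather than here, and other callers that pass a non-200 status to it may deserve the same check. The function begins above this hunk, so whether the condition is logged before the return is not visible from here.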