don't redirect XHR calls to the login page, 403 instead

2021-03-27 23:45:21 +01:00 · 2021-03-27 23:45:21 +01:00 · 6796699e35
commit 6796699e35
parent df72147b93
1 changed files with 8 additions and 2 deletions
--- a/owrx/controllers/admin.py
+++ b/owrx/controllers/admin.py
@ -36,5 +36,11 @@ class AuthorizationMixin(object):
        if self.isAuthorized():
            super().handle_request()
        else:
-            target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))
-            self.send_redirect(target)
+            if (
+                "x-requested-with" in self.request.headers
+                and self.request.headers["x-requested-with"] == "XMLHttpRequest"
+            ):
+                self.send_response("{}", code=403)
+            else:
+                target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))
+                self.send_redirect(target)