don't redirect XHR calls to the login page, 403 instead
This commit is contained in:
parent
df72147b93
commit
6796699e35
@ -35,6 +35,12 @@ class AuthorizationMixin(object):
|
|||||||
def handle_request(self):
|
def handle_request(self):
|
||||||
if self.isAuthorized():
|
if self.isAuthorized():
|
||||||
super().handle_request()
|
super().handle_request()
|
||||||
|
else:
|
||||||
|
if (
|
||||||
|
"x-requested-with" in self.request.headers
|
||||||
|
and self.request.headers["x-requested-with"] == "XMLHttpRequest"
|
||||||
|
):
|
||||||
|
self.send_response("{}", code=403)
|
||||||
else:
|
else:
|
||||||
target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))
|
target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))
|
||||||
self.send_redirect(target)
|
self.send_redirect(target)
|
||||||
|
Loading…
Reference in New Issue
Block a user