don't redirect XHR calls to the login page, 403 instead

This commit is contained in:
Jakob Ketterl 2021-03-27 23:45:21 +01:00
parent df72147b93
commit 6796699e35

View File

@ -35,6 +35,12 @@ class AuthorizationMixin(object):
def handle_request(self):
if self.isAuthorized():
super().handle_request()
else:
if (
"x-requested-with" in self.request.headers
and self.request.headers["x-requested-with"] == "XMLHttpRequest"
):
self.send_response("{}", code=403)
else:
target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))
self.send_redirect(target)