don't redirect XHR calls to the login page, 403 instead
This commit is contained in:
parent
df72147b93
commit
6796699e35
@ -35,6 +35,12 @@ class AuthorizationMixin(object):
|
||||
def handle_request(self):
|
||||
if self.isAuthorized():
|
||||
super().handle_request()
|
||||
else:
|
||||
if (
|
||||
"x-requested-with" in self.request.headers
|
||||
and self.request.headers["x-requested-with"] == "XMLHttpRequest"
|
||||
):
|
||||
self.send_response("{}", code=403)
|
||||
else:
|
||||
target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))
|
||||
self.send_redirect(target)
|
||||
|
Loading…
Reference in New Issue
Block a user