diff options
author | Telyn <telyn@telynz.uk> | 2018-01-31 11:30:50 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-31 11:30:50 +0000 |
commit | 9ef70ed3d53e11dacc5d4df4478d5ff452a2dd6d (patch) | |
tree | ace44f0ea0a81d7d369df74c3d95c219905e7fa6 /lib/mauve/web_interface.rb | |
parent | 0be1fa0ebadf9435a760582d17f47ff96dc0851c (diff) | |
parent | 9af0d1761552601db30de7a991d90d64ec6c88f5 (diff) |
Release to master
Diffstat (limited to 'lib/mauve/web_interface.rb')
-rw-r--r-- | lib/mauve/web_interface.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb index 5fa1fb8..3bad868 100644 --- a/lib/mauve/web_interface.rb +++ b/lib/mauve/web_interface.rb @@ -123,11 +123,15 @@ EOF # Uh-oh.. Intruder alert! # ok_urls = %w(/ /login /logout) - no_redirect_urls = %w(/ajax) - unless ok_urls.include?(request.path_info) - flash['error'] = "You must be logged in to access that page." - redirect "/login?next_page=#{request.path_info}" unless no_redirect_urls.any?{|u| /^#{u}/ =~ request.path_info } + unless ok_urls.include?(request.path_info) + # No auth, so we need to stop the page loading + if request.xhr? # No redirecting for AJAX requests + halt 403, {'Content-Type' => 'text/plain'}, 'You must be logged in to access this page.' + else + flash['error'] = 'You must be logged in to access that page.' + redirect "/login?next_page=#{request.path_info}" + end end end end |