(mvc) fix http status codes, closes https://github.com/opnsense/core/issues/1358

(cherry picked from commit e574dcc6)

(mvc) fix http status codes, closes https://github.com/opnsense/core/issues/1358
(cherry picked from commit e574dcc6)
d8a41efe · Ad Schellevis · Franco Fichtner · 74af0eaa · d8a41efe · d8a41efe
Commit d8a41efe authored Jan 30, 2017 by Ad Schellevis Committed by Franco Fichtner Feb 06, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

ApiControllerBase.php ...e/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php +2 -0

ControllerBase.php ...ense/mvc/app/controllers/OPNsense/Base/ControllerBase.php +1 -0

No files found.
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
@@ -171,6 +171,7 @@ class ApiControllerBase extends ControllerRoot
            // handle UI ajax requests
            // use session data and ACL to validate request.
            if (!$this->doAuth()) {
+                $this->response->setStatusCode(401, "Unauthorized");
                return false;
            }

@@ -185,6 +186,7 @@ class ApiControllerBase extends ControllerRoot
            ) {
                // missing csrf, exit.
                $this->getLogger()->error("no matching csrf found for request");
+                $this->response->setStatusCode(403, "Forbidden");
                return false;
            }
        }

--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
@@ -179,6 +179,7 @@ class ControllerBase extends ControllerRoot
            // check for valid csrf on post requests
            if ($this->request->isPost() && !$this->security->checkToken(null, null, false)) {
                // post without csrf, exit.
+                $this->response->setStatusCode(403, "Forbidden");
                return false;
            }