  1. Magnolia
  2. MAGNOLIA-6585

IPSecurityManager sends wrong response code and then renders login form

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • None
    • core
    • None

    Description

      IPSecurityManager will send 403 if the isAllowed check fails. This means that the Magnolia login form will be rendered, which is a security problem.

      Either the correct code should be sent (405), or if this is on purpose, then the login form still shouldn't be rendered.

      Imo:
      response.setStatus(HttpServletResponse.SC_FORBIDDEN);
      should be
      response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);

            People

              Unassigned Unassigned
              bvass Bence Vass