diff options
Diffstat (limited to 'include/forward_unauthorized.hpp')
-rw-r--r-- | include/forward_unauthorized.hpp | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/include/forward_unauthorized.hpp b/include/forward_unauthorized.hpp index 5b437b1695..ddf3e3b13d 100644 --- a/include/forward_unauthorized.hpp +++ b/include/forward_unauthorized.hpp @@ -22,31 +22,30 @@ inline void sendUnauthorized(std::string_view url, res.result(boost::beast::http::status::temporary_redirect); res.addHeader("Location", "/#/login?next=" + http_helpers::urlEncode(url)); + return; } - else - { - // If we don't have a webui installed, just return a lame - // unauthorized body - res.result(boost::beast::http::status::unauthorized); - res.body() = "Unauthorized"; - } - } - else - { + // If we don't have a webui installed, just return an unauthorized + // body res.result(boost::beast::http::status::unauthorized); + res.body() = "Unauthorized"; + return; + } - // XHR requests from a browser will set the X-Requested-With header when - // doing their requests, even though they might not be requesting html. - if (!xRequestedWith.empty()) - { - // Only propose basic auth as an option if it's enabled. - if (persistent_data::SessionStore::getInstance() - .getAuthMethodsConfig() - .basic) - { - res.addHeader("WWW-Authenticate", "Basic"); - } - } + res.result(boost::beast::http::status::unauthorized); + + // XHR requests from a browser will set the X-Requested-With header when + // doing their requests, even though they might not be requesting html. + if (!xRequestedWith.empty()) + { + return; + } + // if basic auth is disabled, don't propose it. + if (!persistent_data::SessionStore::getInstance() + .getAuthMethodsConfig() + .basic) + { + return; } + res.addHeader("WWW-Authenticate", "Basic"); } } // namespace forward_unauthorized |