Skip to content

Commit

Permalink
SAK-23678 Send a proper 403 for unauth'ed byte-range requests. Thanks…
Browse files Browse the repository at this point in the history 
… to UCT for patch

git-svn-id: https://source.sakaiproject.org/svn/access/trunk@125715 66ffb92e-73f9-0310-93c1-f5514f145a0a
  • Loading branch information
@ottenhoff
ottenhoff committed Jun 13, 2013
1 parent 27d32be commit 0272daf
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions access/access-impl/impl/src/java/org/sakaiproject/access/tool/AccessServlet.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -453,6 +453,12 @@ protected void doLogin(HttpServletRequest req, HttpServletResponse res, String p
}


// if there is a Range: header for partial content and we haven't done basic auth, refuse the request (SAK-23678)
if (req.getHeader("Range") != null) {
sendError(res, HttpServletResponse.SC_FORBIDDEN);
return;
}

// get the Sakai session
Session session = SessionManager.getCurrentSession();

Expand Down

0 comments on commit 0272daf

Please sign in to comment.