authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2019-01-02 21:43:05 +0100
committerGravatar GitHub <noreply@github.com> 2019-01-02 21:43:05 +0100
commit945cf832ad2c20c10704282d03326d8495d0ca4b (patch)
tree00b83a1b046d5cfe498e871743c572b826840203 /app/Controllers/authController.php
parenta6623b7b2fa3f026a0ea30e49b1a221f7a4a8e55 (diff)
HTTP authenfication fixes (#2204)
* Security fixes when HTTP user does not exist in FreshRSS * Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik) * Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202
Diffstat (limited to 'app/Controllers/authController.php')
-rw-r--r--app/Controllers/authController.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 5ad1a51d9..3b2d78b19 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -79,8 +79,12 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
Minz_Request::forward(array('c' => 'auth', 'a' => 'formLogin'));
break;
case 'http_auth':
+ Minz_Error::error(403, array('error' => array(_t('feedback.access.denied'),
+ ' [HTTP Remote-User=' . htmlspecialchars(httpAuthUser(), ENT_NOQUOTES, 'UTF-8') . ']'
+ )), false);
+ break;
case 'none':
- // It should not happened!
+ // It should not happen!
Minz_Error::error(404);
default:
// TODO load plugin instead
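Review bot: The user name reflected into the 403 message on the added `http_auth` lines is escaped with `ENT_NOQUOTES`, which leaves `"` and `'` untouched, so it is only safe if the error view prints it as element text and never inside an attribute. `httpAuthUser()` returns a request-derived value (the commit description mentions accepting `X-WebAuth-User`), so I would escape for every HTML context with `htmlspecialchars(httpAuthUser(), ENT_QUOTES, 'UTF-8')`. Separately, `case 'none':` still has no `break` after `Minz_Error::error(404);` while the new branch adds one. If falling through into `default` is intended, a `// no break` comment there would say so; otherwise add the `break;`. The enclosing switch starts and ends outside the hunk, so how the error view renders this message cannot be checked from here.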