Subject: CVS commit: pkgsrc/www/ap2-auth-mellon
From: Emmanuel Dreyfus
Date: 2016-10-18 17:13:41
Message id: 20161018151341.E53C3FBD2@cvs.NetBSD.org
Log Message:
Do not redirect unauthenticated AJAX request to the IdP

When MellonEnable is "auth" and we get an unauthenticated AJAX
request (identified by the X-Request-With: XMLHttpRequest HTTP
header), fail with HTTP code 403 Forbidden instead of redirecting
to the IdP. This saves resources, as the client has no opportunity
to interract with the user to complete authentification.
Files:
RevisionActionfile
1.36modifypkgsrc/www/ap2-auth-mellon/Makefile
1.16modifypkgsrc/www/ap2-auth-mellon/distinfo
1.1addpkgsrc/www/ap2-auth-mellon/patches/patch-0347