Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: SecurityException's HTTP status code #6408

Merged
merged 2 commits into from
Aug 22, 2022
Merged

fix: SecurityException's HTTP status code #6408

merged 2 commits into from
Aug 22, 2022

Conversation

kenjis
Copy link
Member

@kenjis kenjis commented Aug 22, 2022
edited
Loading

Description
Follow-up #6228

  • fix SecurityException's HTTP status code

How to Test

diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index 7b70c4fb3..06e0b9941 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -30,7 +30,7 @@ class Filters extends BaseConfig
     public array $globals = [
         'before' => [
             // 'honeypot',
-            // 'csrf',
+            'csrf',
             // 'invalidchars',
         ],
         'after' => [
diff --git a/app/Config/Routes.php b/app/Config/Routes.php
index 71b7a86de..b41442a41 100644
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -30,6 +30,7 @@ $routes->set404Override();
 // We get a performance increase by specifying the default
 // route since we don't have to scan directories.
 $routes->get('/', 'Home::index');
+$routes->post('/', 'Home::index');
 
 /*
  * --------------------------------------------------------------------
diff --git a/app/Config/Security.php b/app/Config/Security.php
index 1474404be..c4cdf9b0e 100644
--- a/app/Config/Security.php
+++ b/app/Config/Security.php
@@ -80,7 +80,7 @@ class Security extends BaseConfig
      *
      * Redirect to previous page with error on failure.
      */
-    public bool $redirect = true;
+    public bool $redirect = false;
 
     /**
      * --------------------------------------------------------------------------
diff --git a/app/Controllers/Home.php b/app/Controllers/Home.php
index 7f867e95f..dd8f1ea72 100644
--- a/app/Controllers/Home.php
+++ b/app/Controllers/Home.php
@@ -6,6 +6,6 @@ class Home extends BaseController
 {
     public function index()
     {
-        return view('welcome_message');
+        return '<form method="post" action="/"><input type="submit" value="Submit"></form>';
     }
 }

Before:
screenshot 2022-08-22 8 52 12

After:
screenshot 2022-08-22 8 52 46

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@kenjis kenjis added 4.3 bug Verified issues on the current code behavior or pull requests that will fix them labels Aug 22, 2022
MGatner
MGatner approved these changes Aug 22, 2022
View reviewed changes
Copy link
Member

@MGatner MGatner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you posted the same screenshot twice, but I understand the change. Approved!

@kenjis
Copy link
Member Author

kenjis commented Aug 22, 2022

Yes, I forgot to implement HTTPExceptionInterface, so the HTTP status code was 500, not 403.

@kenjis kenjis merged commit ec6e6a9 into codeigniter4:4.3 Aug 22, 2022
@kenjis kenjis deleted the fix-SecurityException-HTTP-status branch August 22, 2022 23:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MGatner MGatner MGatner approved these changes

Assignees
No one assigned
Labels
4.3 bug Verified issues on the current code behavior or pull requests that will fix them
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kenjis @MGatner