Feature #7585 » 0001-Log-unexpected-GET-requests-on-Ajax-sessions.patch
| src/web/WebSession.C | ||
|---|---|---|
|
serveError(403, handler, "Forbidden");
|
||
|
} else
|
||
|
try {
|
||
|
bool alreadyAjax = env_->ajax();
|
||
|
/*
|
||
|
* If we have just created a new session, we need to take care:
|
||
|
* - requests from a dead session -> reload
|
||
| ... | ... | |
|
}
|
||
|
if (doNotify) {
|
||
|
app_->notify(WEvent(WEvent::Impl(&handler)));
|
||
|
if (handler.response() && !requestForResource) {
|
||
|
/*
|
||
|
* This may be when an error was thrown during event
|
||
|
* propagation: then we want to render the error message.
|
||
|
*/
|
||
|
app_->notify(WEvent(WEvent::Impl(&handler, true)));
|
||
|
}
|
||
|
if (alreadyAjax && !requestForResource && isEqual(request.requestMethod(), "GET") && wtdE) {
|
||
|
// If the *wtdE had not matched our sessionId_, a new session would have started instead of reaching here.
|
||
|
LOG_SECURE("Unexpected GET request with wtd of existing Ajax session: " << *wtdE);
|
||
|
serveError(403, handler, "Forbidden");
|
||
|
}
|
||
|
else {
|
||
|
app_->notify(WEvent(WEvent::Impl(&handler)));
|
||
|
if (handler.response() && !requestForResource) {
|
||
|
/*
|
||
|
* This may be when an error was thrown during event
|
||
|
* propagation: then we want to render the error message.
|
||
|
*/
|
||
|
app_->notify(WEvent(WEvent::Impl(&handler, true)));
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
break;
|
||
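Review bot: The `LOG_SECURE` call in the `alreadyAjax && ... "GET" && wtdE` branch writes `*wtdE` to the log in full, and the comment directly above it says this value has already matched `sessionId_`, so the line records a live session identifier. Nothing in the visible lines ends the session after `serveError(403, handler, "Forbidden")`, so the logged id presumably remains valid for anyone who can read the log. Consider dropping the value, as in `LOG_SECURE("Unexpected GET request with wtd of existing Ajax session");`, or logging only a short prefix or a hash of it for correlation. The enclosing function and its `try` block begin and end outside the lines shown, so whether the session is invalidated elsewhere cannot be confirmed from this page.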