6b78240d39
From this commit on, api endpoints reply with a 401 error code and non api endpoints redirect to /error/40X. This commit also fixes missing restrictions on /loggedin (the "already logged in page). This was not a security issue, though. The change also makes error pages automatically redirect the user after few seconds based on the referrer or the default_redirection_url if provided in the configuration. Warning: The old /verify endpoint of the REST API has moved to /api/verify. You will need to update your nginx configuration to take this change into account. |
||
|---|---|---|
| .. | ||
| access_control | ||
| authentication | ||
| configuration | ||
| connectors/mongo | ||
| ldap | ||
| mocks | ||
| notifiers | ||
| regulation | ||
| routes | ||
| storage | ||
| utils | ||
| IdentityCheckMiddleware.test.ts | ||
| ServerConfiguration.test.ts | ||
| SessionConfigurationBuilder.test.ts | ||
| requests.ts | ||