[ https://issues.apache.org/jira/browse/SLING-10452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman updated SLING-10452:
--------------------------------
    Description: 
When the modifyAce/deleteAce servlets receive an illegal or invalid :redirect parameter it should return a status code of [422|https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422] instead of 200 because the request was not fully successful.

Currently, the illegal :redirect parameter value is detected and a warning is logged. The request continues to be processed without the redirect occurring. The client has no indication that something went wrong without reviewing the server logs.

For example:

Illegal redirect
{code:java}
curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https://sling.apache.org http://localhost:8080/test/node.modifyAce.html
{code}
invalid redirect
{code:java}
curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https:// http://localhost:8080/test/node.modifyAce.html
{code}

  was:
When the modifyAce/deleteAce servlets receive an illegal or invalid :redirect parameter it should return a status code of [422|https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422] instead of 200 because the request was not fully successful.

Currently, the illegal :redirect parameter value is detected and a warning is logged. The request continues to be processed without the redirect occurring. The client has no indication that something went wrong without reviewing the server logs.

For example:

Illegal redirect
{{}}
{code:java}
curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https://sling.apache.org http://localhost:8080/test/node.modifyAce.html
{code}
invalid redirect
{{}}
{code:java}
curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https:// http://localhost:8080/test/node.modifyAce.html
{code}
{{}}

{{}}

> adjust HTTP status code for invalid :redirect value for modifyAce/deleteAce post request
> ----------------------------------------------------------------------------------------
>
>                 Key: SLING-10452
>                 URL: https://issues.apache.org/jira/browse/SLING-10452
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.0.10
>
>
> When the modifyAce/deleteAce servlets receive an illegal or invalid :redirect parameter it should return a status code of [422|https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422] instead of 200 because the request was not fully successful.
> Currently, the illegal :redirect parameter value is detected and a warning is logged. The request continues to be processed without the redirect occurring. The client has no indication that something went wrong without reviewing the server logs.
> For example:
> Illegal redirect
> {code:java}
> curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https://sling.apache.org http://localhost:8080/test/node.modifyAce.html
> {code}
> invalid redirect
> {code:java}
> curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https:// http://localhost:8080/test/node.modifyAce.html
> {code}

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
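
The behaviour this issue asks for, as an added example that is not Sling's code: a :redirect value is classified and an illegal or invalid one is reported as 422 instead of 200. It assumes the rule is that a target must parse as a URI and carry neither a scheme nor a host; the class, enum and method names are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;

public class RedirectCheck {
    static final int SC_OK = 200;
    static final int SC_FOUND = 302;
    static final int SC_UNPROCESSABLE_ENTITY = 422;

    enum Verdict { NONE, OK, ILLEGAL, INVALID }

    // Assumed rule (not taken from the issue): only site-relative targets are allowed.
    static Verdict classify(String redirect) {
        if (redirect == null || redirect.isEmpty()) {
            return Verdict.NONE;                      // no redirect requested
        }
        try {
            URI uri = new URI(redirect);
            // A scheme ("https:...") or an authority ("//host/...") points off-site.
            boolean offSite = uri.isAbsolute() || uri.getAuthority() != null;
            return offSite ? Verdict.ILLEGAL : Verdict.OK;
        } catch (URISyntaxException e) {
            return Verdict.INVALID;                   // e.g. "https://": authority expected
        }
    }

    // Status for a request whose ACE change itself succeeded.
    static int statusFor(Verdict v) {
        switch (v) {
            case NONE: return SC_OK;                  // plain success, nothing to follow
            case OK:   return SC_FOUND;               // redirect is sent
            default:   return SC_UNPROCESSABLE_ENTITY; // tell the client, not only the log
        }
    }

    public static void main(String[] args) {
        // The first two values are the :redirect values from the issue; the rest are constructed.
        List<String> samples = List.of("https://sling.apache.org", "https://",
                "//sling.apache.org/x", "/test/node.html");
        for (String s : samples) {
            Verdict v = classify(s);
            System.out.printf("%-26s %-8s -> %d%n", s, v, statusFor(v));
        }
    }
}
```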