enapps-enorman opened a new pull request #4:
URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/4

When the modifyAce/deleteAce servlets receive an illegal or invalid :redirect parameter it should return a status code of 422 instead of 200 because the request was not fully successful.

Currently, the illegal :redirect parameter value is detected and a warning is logged. The request continues to be processed without the redirect occurring. The client has no indication that something went wrong without reviewing the server logs.

For example:

Illegal redirect:

    curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https://sling.apache.org http://localhost:8080/test/node.modifyAce.html

Invalid redirect:

    curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https:// http://localhost:8080/test/node.modifyAce.html
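The distinction the description draws between an illegal and an invalid :redirect value, as an added example that is not part of the pull request or the Sling code base. The class name `RedirectCheck`, the `Verdict` enum and the "relative targets only" policy are assumptions made for illustration; the two rejected sample values are the ones from the curl commands above.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Hypothetical helper, not Sling's implementation.
public class RedirectCheck {
    enum Verdict { OK, ILLEGAL, INVALID }

    // Classify a :redirect value. Assumed policy: only relative targets
    // (no scheme, no authority) may be followed after the POST.
    static Verdict classify(String redirect) {
        if (redirect == null || redirect.isEmpty()) {
            return Verdict.OK; // no redirect requested
        }
        try {
            URI uri = new URI(redirect);
            // A scheme or authority lets the target leave this server
            // (absolute URLs and scheme-relative "//host/path" values).
            if (uri.getScheme() != null || uri.getAuthority() != null) {
                return Verdict.ILLEGAL;
            }
            return Verdict.OK;
        } catch (URISyntaxException e) {
            // Not parseable as a URI at all, e.g. "https://" has no authority.
            return Verdict.INVALID;
        }
    }

    // Surface the rejection to the client instead of only logging it.
    static int statusFor(Verdict verdict) {
        return verdict == Verdict.OK ? 200 : 422;
    }

    public static void main(String[] args) {
        String[] samples = {
            "/test/node.html",           // constructed: relative target
            "https://sling.apache.org",  // from the description: illegal
            "https://",                  // from the description: invalid
            "//sling.apache.org/x"       // constructed: scheme-relative
        };
        for (String s : samples) {
            Verdict v = classify(s);
            System.out.printf("%-26s %-8s HTTP %d%n", s, v, statusFor(v));
        }
    }
}
```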