Eric Norman created SLING-10456:
-----------------------------------

             Summary: adjust HTTP status code for invalid :redirect value for 
usermanager post requests
                 Key: SLING-10456
                 URL: https://issues.apache.org/jira/browse/SLING-10456
             Project: Sling
          Issue Type: Improvement
            Reporter: Eric Norman
            Assignee: Eric Norman
             Fix For: JCR Jackrabbit User Manager 2.2.14


When the usermanager servlets receive an illegal or invalid :redirect parameter 
it should return a status code of 
[422|https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422] instead of 
200 because the request was not fully successful.

Currently, the illegal :redirect parameter value is detected and a warning is 
logged.  The request continues to be processed without the redirect occurring.  
The client has no indication that something went wrong without reviewing the 
server logs.

For example:

Illegal redirect 
{code:java}
curl -F displayName=updated -F :redirect=https://sling.apache.org 
http://localhost:8080/system/userManager/user/testUser1.update.html
{code}
 invalid redirect
{code:java}
curl -F displayName=updated -F :redirect=https:// 
http://localhost:8080/system/userManager/user/testUser1.update.html
{code}
h4.  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to