Skip to content

Is there a way to fail as 401 (Unauthorized) when CAS cookie is missing rather than redirecting? #213

Description

@barmintor

My reading of the code here is that there is no configuration to have a CAS-authorized resource to return a HTTP 401 rather than a 302 when there's no valid session; this presents an issue for some long-running web front-ends after activity timeouts (fetched JSON or other assets start returning ambiguous 302) so I want to check with the authoritative source.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions