RedirectHandler issues with non HTML

[dereuromark]

When using extension based routing and clearly non-HTML actions, if there are any permission issues
the user gets redirected to /login (302)

The URL e.g. is

/updates/check.json

And the response is expected to be JSON.
So here the expectation would be for the handler to actually ignore the redirect part and just throw the 4xx exception I assume?
As there should be no redirects on such endpoints from the auth part.

[dereuromark]

Maybe sth like this added to it prior to starting to redirect?

	$params = (array)$request->getAttribute('params');
	if (!empty($params['_ext']) && $params['_ext'] !== 'html') {
		throw $exception;
	}

[markstory]

Why do you have an unauthenticatedRedirect configured for actions where you don't want redirects?

[dereuromark]

This is a global handler, not just for a specific action. So there is no way to handle this more granularity for a normal app.
This is just one specific action and ext within many of a controller. And adding specific rules here per such case throughout an app would be super crazy complicated IMO.

[dereuromark]

This works nicely by the way: https://github.com/dereuromark/cakephp-tinyauth/blob/f7697e369196f7a932f74b02f5b29c10bca16f52/src/Middleware/UnauthorizedHandler/ForbiddenCakeRedirectHandler.php#L48-L51

I guess it could be made more configurable if desired, but I dont know what other extensions would be useful to actually have redirects instead of the actual type based response as exception handling.