[ https://issues.apache.org/jira/browse/KNOX-1210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16408126#comment-16408126 ]

ASF subversion and git services commented on KNOX-1210:
-------------------------------------------------------

Commit ee55e06fcf58c98959afab774fd891f1d9fa49ad in knox's branch 
refs/heads/master from [~moresandeep]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=ee55e06 ]

KNOX-1210 - Update response code from 403 to 401 for token validation failures 
(for XHR request)


> SSOCookieProvider should detect expired SSO token
> -------------------------------------------------
>
>                 Key: KNOX-1210
>                 URL: https://issues.apache.org/jira/browse/KNOX-1210
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxSSO
>    Affects Versions: 0.14.0
>            Reporter: Jeff Storck
>            Assignee: Sandeep More
>            Priority: Major
>         Attachments: KNOX-1210.001.patch
>
>
> While proxying a UI that makes XHR (XMLHttpRequest) calls through Knox, if 
> the SSO token expires, that request through Knox will be redirected to the 
> KnoxSSO login page, which will be the response to the request itself.  The UI 
> that receives this response will attempt to parse it and fail, since it is 
> not the expected response; it is the KnoxSSO login page itself.
> When a request is made with a {code}X-Requested-With{code} header set to
> {code}XMLHttpRequest{code} the SSOCookieProvider should check for SSO token 
> expiry.  If the token has not expired, the request should continue through to 
> the proxied resource.  If the token has expired, rather than redirecting to 
> the KnoxSSO login page, a
> {code}401 Unauthorized{code} response should be returned.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
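
Added example, not part of the original message and not Knox's own code: a Python model of the behaviour the issue asks for, where an XHR request whose SSO token is expired or fails validation gets 401 while any other request is still redirected to the login page. The token format, `KEY`, `LOGIN_URL` and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

LOGIN_URL = "https://knox.example.invalid/knoxsso/login"  # placeholder, not a real endpoint
KEY = b"constructed-demo-key"  # constructed signing key for the sample tokens

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def make_token(exp: int, key: bytes = KEY) -> str:
    """Build a constructed token: base64url(JSON claims) + "." + HMAC-SHA256 tag."""
    body = _b64(json.dumps({"sub": "demo", "exp": exp}).encode())
    tag = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"

def token_valid(token, now: int) -> bool:
    """True only if the tag verifies and the token has not expired."""
    if not token or token.count(".") != 1:
        return False
    body, tag = token.split(".")
    expected = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    # Verify integrity before trusting any claim, in constant time.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    try:
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        return int(claims["exp"]) > now
    except (ValueError, KeyError, TypeError):
        return False

def is_xhr(headers: dict) -> bool:
    """Header names are case-insensitive; the value is the one the issue names."""
    for name, value in headers.items():
        if name.lower() == "x-requested-with":
            return value.strip() == "XMLHttpRequest"
    return False

def decide(headers: dict, token, now=None):
    """Return (status, response headers), or (None, {}) to pass the request on."""
    now = int(time.time()) if now is None else now
    if token_valid(token, now):
        return None, {}                      # continue to the proxied resource
    if is_xhr(headers):
        return 401, {}                       # script caller: no HTML login page
    return 302, {"Location": LOGIN_URL}      # browser navigation: go to login
```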
