authormo khan <mo@mokhan.ca>2025-04-30 18:20:28 -0600
committermo khan <mo@mokhan.ca>2025-04-30 18:20:28 -0600
commitd3cb17f8032d95f0f8805a0ce74fe5fc41714bb8 (patch)
treeb3a3dc15aeb344cd727e95cef28d80802f819887 /app/middleware
parenta372feb94ba1dfe119f2b350b77302a243ab17f2 (diff)
fix: strict same site mode breaks redirects
Diffstat (limited to 'app/middleware')
-rw-r--r--app/middleware/require_user.go2
-rw-r--r--app/middleware/require_user_test.go6
2 files changed, 3 insertions, 5 deletions
diff --git a/app/middleware/require_user.go b/app/middleware/require_user.go
index 8f54a04..d0d5355 100644
--- a/app/middleware/require_user.go
+++ b/app/middleware/require_user.go
@@ -10,7 +10,7 @@ func RequireUser() func(http.Handler) http.Handler {
if IsLoggedIn(r) {
next.ServeHTTP(w, r)
} else {
- http.Redirect(w, r, "/", http.StatusFound)
+ w.WriteHeader(http.StatusNotFound)
}
})
}
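Review bot: The `else` branch now answers unauthenticated requests with a bare 404 and no cache directive. 404 is a status that caches may store heuristically, so a browser or intermediary could keep serving "not found" for a path that becomes valid once the user logs in. Setting `w.Header().Set("Cache-Control", "no-store")` before `w.WriteHeader(http.StatusNotFound)` would rule that out. The branch also deserves a comment recording why it is not a redirect or a 401, for example `// Not logged in: 404 instead of redirecting to "/" (redirects break under SameSite=Strict).` The body of RequireUser starts above this hunk, so how `IsLoggedIn` reads the session is not visible here.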
diff --git a/app/middleware/require_user_test.go b/app/middleware/require_user_test.go
index 794f347..92734b2 100644
--- a/app/middleware/require_user_test.go
+++ b/app/middleware/require_user_test.go
@@ -4,7 +4,6 @@ import (
"net/http"
"testing"
- "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
@@ -15,7 +14,7 @@ func TestRequireUser(t *testing.T) {
middleware := RequireUser()
t.Run("when a user is not logged in", func(t *testing.T) {
- t.Run("redirects to the homepage", func(t *testing.T) {
+ t.Run("returns a 404 status", func(t *testing.T) {
r, w := test.RequestResponse("GET", "/example")
server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -23,8 +22,7 @@ func TestRequireUser(t *testing.T) {
}))
server.ServeHTTP(w, r)
- require.Equal(t, http.StatusFound, w.Code)
- assert.Equal(t, "/", w.Header().Get("Location"))
+ require.Equal(t, http.StatusNotFound, w.Code)
})
})
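Review bot: The rewritten assertion pins only the status code, so the test no longer proves that the redirect is gone or that the wrapped handler was skipped. Adding `require.Empty(t, w.Header().Get("Location"))` next to the status check would guard against the redirect being reintroduced. The inner handler's body falls between the hunks, so it may already fail the test when it is called; if it does not, a flag set inside it and asserted false afterwards would cover the bypass case. TestRequireUser starts above this hunk.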