From d3cb17f8032d95f0f8805a0ce74fe5fc41714bb8 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 30 Apr 2025 18:20:28 -0600
Subject: fix: strict same site mode breaks redirects
---
 app/middleware/require_user.go | 2 +-
 app/middleware/require_user_test.go | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)
(limited to 'app/middleware')
diff --git a/app/middleware/require_user.go b/app/middleware/require_user.go
index 8f54a04..d0d5355 100644
--- a/app/middleware/require_user.go
+++ b/app/middleware/require_user.go
@@ -10,7 +10,7 @@ func RequireUser() func(http.Handler) http.Handler {
 if IsLoggedIn(r) {
 next.ServeHTTP(w, r)
 } else {
- http.Redirect(w, r, "/", http.StatusFound)
+ w.WriteHeader(http.StatusNotFound)
 }
 })
 }
diff --git a/app/middleware/require_user_test.go b/app/middleware/require_user_test.go
index 794f347..92734b2 100644
--- a/app/middleware/require_user_test.go
+++ b/app/middleware/require_user_test.go
@@ -4,7 +4,6 @@ import (
 "net/http"
 "testing"
- "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
@@ -15,7 +14,7 @@ func TestRequireUser(t *testing.T) {
 middleware := RequireUser()
 t.Run("when a user is not logged in", func(t *testing.T) {
- t.Run("redirects to the homepage", func(t *testing.T) {
+ t.Run("returns a 404 status", func(t *testing.T) {
 r, w := test.RequestResponse("GET", "/example")
 server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -23,8 +22,7 @@ func TestRequireUser(t *testing.T) {
 }))
 server.ServeHTTP(w, r)
- require.Equal(t, http.StatusFound, w.Code)
- assert.Equal(t, "/", w.Header().Get("Location"))
+ require.Equal(t, http.StatusNotFound, w.Code)
 })
 })
-- 
cgit v1.2.3
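Review bot: The new `else` branch in RequireUser sends a bare `w.WriteHeader(http.StatusNotFound)` with no cache directive, and a 404 is cacheable by default, so a shared cache in front of the app could keep serving the "not found" answer for a protected path after the user has logged in. Setting `w.Header().Set("Cache-Control", "no-store")` before the `WriteHeader` call closes that gap. The branch also carries no explanation of why an unauthenticated request gets 404 rather than 401 or the previous redirect; a comment such as `// 404 instead of redirecting to "/": redirects break under SameSite=Strict session cookies` (wording taken from the commit subject, so confirm it matches the actual cause) would stop a later maintainer from reverting it. RequireUser's body starts above this hunk, so whether headers are set earlier in the handler is not visible here.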