From 2778d2ad5697ef293faffecd5365055a76a5be23 Mon Sep 17 00:00:00 2001
From: Bernd Bestel
Date: Fri, 3 Apr 2020 18:22:05 +0200
Subject: [PATCH] Don't return anything in the response body when unauthenticated (fixes #696)
---
 middleware/SessionAuthMiddleware.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/middleware/SessionAuthMiddleware.php b/middleware/SessionAuthMiddleware.php
index 2a6b4ce3..16070eb0 100644
--- a/middleware/SessionAuthMiddleware.php
+++ b/middleware/SessionAuthMiddleware.php
@@ -44,7 +44,7 @@ class SessionAuthMiddleware extends BaseMiddleware
 if ((!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName])) && $routeName !== 'login')
 {
 define('GROCY_AUTHENTICATED', false);
- $response = $handler->handle($request);
+ $response = new \Slim\Psr7\Response(); // No content when unauthorized
 $response = $response->withHeader('Location', $this->AppContainer->get('UrlManager')->ConstructUrl('/login'));
 }
 else
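Review bot: The replacement response on the `+` line is created with Slim's default status (200), and the only thing the visible lines add to it is a `Location` header, which clients do not follow on a 200. Unless a status is set further down, outside this hunk, an unauthenticated request now receives an empty 200 rather than a redirect or an authentication error, and an API client could read that as success. Making the status explicit would remove the ambiguity, e.g. `$response = new \Slim\Psr7\Response(302); // route handler deliberately not invoked for unauthenticated requests`, or a 401 for non-browser routes. The enclosing method begins and ends outside the hunk, so this should be confirmed against the rest of it.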