On Wed, Sep 5, 2012 at 2:56 PM, Doug Hunley <doug.hunley_at_gmail.com> wrote:
> I've recently been tasked to implement mod_dontdothat, and the
> implementation is in jeopardy of being cancelled due to the apparent
> lack of ability to customize the error messaging returned to the user
> when mod_dontdothat disallows an action. Is there some means I'm
> missing of configuring this?
>
> As I understand it, when an action is disallowed, mod_dontdothat
> basically returns 'nope' which Apache then translated into a 403 which
> is returned to the user. The (uneducated) user gets a pop-up from
> Tortoise/Cornerstone and basically doesn't know why they're denied. In
> fact, if they pay any attention at all, they 'recognize' the pop-up
> and think their password is wrong. :(
>
> Is there some means to actually tell the user they authenticated
> successfully, but they tried an action that we're disallowing? Ideally
> we'd point them to a wiki showing what is/isn't allowed.
>
>
Assume you already looked at the code? The comments are interesting and
might point in a direction to go:
/* If we found something that isn't allowed, set the correct status
* and return an error so it'll bail out before it gets anywhere it
* can do real damage. */
if (ctx->no_soup_for_you)
{
/* XXX maybe set up the SVN-ACTION env var so that it'll show up
* in the Subversion operational logs? */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r,
"mod_dontdothat: client broke the rules, "
"returning error");
/* Ok, pass an error bucket and an eos bucket back to the client.
*
* NOTE: The custom error string passed here doesn't seem to be
* used anywhere by httpd. This is quite possibly a bug.
*
* TODO: Try and pass back a custom document body containing a
* serialized svn_error_t so the client displays a better
* error message. */
bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
e = ap_bucket_error_create(403, "No Soup For You!",
f->r->pool, f->c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
e = apr_bucket_eos_create(f->c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
/* Don't forget to remove us, otherwise recursion blows the
stack. */
ap_remove_input_filter(f);
return ap_pass_brigade(f->r->output_filters, bb);
}
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2012-09-05 22:47:04 CEST