From 669b67e6663cdefd952924bfa4b517adacbe02bc Mon Sep 17 00:00:00 2001
From: Requi
Date: Thu, 14 Apr 2022 07:26:19 +0200
Subject: [PATCH] WebAPI: return correct status Fix web API returning Not Found instead of Forbidden. When not having a session the API would return "Not Found" instead of "Forbidden" when trying to access a non-public endpoint. PR #16866.
---
 src/webui/webapplication.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/webui/webapplication.cpp b/src/webui/webapplication.cpp
index 50c96306d..b250871e5 100644
--- a/src/webui/webapplication.cpp
+++ b/src/webui/webapplication.cpp
@@ -252,6 +252,9 @@ void WebApplication::doProcessRequest()
 const QString action = match.captured(u"action"_qs);
 const QString scope = match.captured(u"scope"_qs);
+ if (!session() && !isPublicAPI(scope, action))
+ throw ForbiddenHTTPError();
+
 APIController *controller = nullptr;
 if (session())
 controller = session()->getAPIController(scope);
@@ -263,9 +266,6 @@ void WebApplication::doProcessRequest()
 throw NotFoundHTTPError();
 }
- if (!session() && !isPublicAPI(scope, action))
- throw ForbiddenHTTPError();
-
 DataMap data;
 for (const Http::UploadedFile &torrent : request().files)
 data[torrent.filename] = torrent.data;
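Review bot: The check added above `APIController *controller = nullptr;` now depends on its position, and nothing in the code says so: it has to run before the controller lookup, otherwise a request without a session can reach the `throw NotFoundHTTPError();` branch visible in the second hunk. I would record that on the new lines with a comment such as `// Authorize before resolving the controller: without a session every non-public endpoint answers 403, whether or not it exists`. A likely consequence is that a session-less request for an unknown scope or action now also gets Forbidden, so the status no longer reveals which endpoints exist. That looks intended, but it relies on `isPublicAPI()` returning false for arbitrary scope/action strings, which is not visible here. The body of `doProcessRequest()` starts before and continues after both hunks.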