Change the expired nonce return status code from 400 to 419.

2025-04-16 17:19:02 +08:00 · 2015-05-19 13:13:14 -04:00 · 2015-05-19 13:13:14 -04:00 · e44ddff9bb
commit e44ddff9bb
parent e1d2ecef10
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -57,7 +57,7 @@ class SessionController < ApplicationController

    sso = DiscourseSingleSignOn.parse(request.query_string)
    if !sso.nonce_valid?
-      return render(text: I18n.t("sso.timeout_expired"), status: 400)
+      return render(text: I18n.t("sso.timeout_expired"), status: 419)
    end

    if ScreenedIpAddress.should_block?(request.remote_ip)