(fix): always return 401 for mobile pam check

cd45b302 · Mark Harding · 68e4f5a4 · cd45b302 · cd45b302
Commit cd45b302 authored 6 hours ago by Mark Harding
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions
--- a/Api/Factory.php
+++ b/Api/Factory.php
@@ -110,6 +110,10 @@ class Factory

            $code = !Security\XSRF::validateRequest() ? 403 : 401;

+            if (isset($_SERVER['HTTP_APP_VERSION'])) {
+                $code = 401; // Mobile requires 401 errors
+            }
+
            header('Content-type: application/json');
            http_response_code($code);
            echo json_encode([

--- a/Core/Security/XSRF.php
+++ b/Core/Security/XSRF.php
@@ -17,10 +17,6 @@ class XSRF

    public static function validateRequest()
    {
-        if (isset($_SERVER['HTTP_APP_VERSION'])) {
-            return true; // This is mobile
-        }
-
        if (!isset($_SERVER['HTTP_X_XSRF_TOKEN'])) {
            return false;
        }