From b46c24290ec3a500095dd6b7d2737c30bc7fa063 Mon Sep 17 00:00:00 2001
From: manu <manu@pkgsrc.org>
Date: Tue, 18 Oct 2016 15:13:41 +0000
Subject: Do not redirect unauthenticated AJAX request to the IdP

When MellonEnable is "auth" and we get an unauthenticated AJAX
request (identified by the X-Request-With: XMLHttpRequest HTTP
header), fail with HTTP code 403 Forbidden instead of redirecting
to the IdP. This saves resources, as the client has no opportunity
to interract with the user to complete authentification.
---
 www/ap2-auth-mellon/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'www/ap2-auth-mellon/Makefile')

diff --git a/www/ap2-auth-mellon/Makefile b/www/ap2-auth-mellon/Makefile
index eed80bde9a3..6af925195aa 100644
--- a/www/ap2-auth-mellon/Makefile
+++ b/www/ap2-auth-mellon/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.35 2016/10/07 18:26:12 adam Exp $
+# $NetBSD: Makefile,v 1.36 2016/10/18 15:13:41 manu Exp $
 #
 
 DISTNAME=	mod_auth_mellon-0.12.0	
 PKGNAME=	${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/g}
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	www security
 MASTER_SITES=	https://github.com/UNINETT/mod_auth_mellon/releases/download/v${DISTNAME:C/.*-//}/
 
-- 
cgit v1.2.3