Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support SecurityException Status Codes
SecurityException Status Codes
  • Offline donpwinston
    Web Developer
  • ****
  • Posts: 271
    Threads: 64
    Joined: Jan 2016
    Reputation: 7
#1
03-27-2024, 04:26 AM
(This post was last modified: 03-27-2024, 04:40 AM by donpwinston.)

It appears CI4.4.3 is setting a 5XX status code for SecurityExceptions. My security people are complaining about this. They (unbelievably) have classified it as a HIGH/cat 1 severity security vulnerability.  I think my apps(5 of them) have been doing this for a few years but all of a sudden they are flagging this now for some reason. (They do regular probing of our apps every Sunday)
How can I change this? 
I set
 
PHP Code:
seurity.redirect true 
in the .env file but I think that only applies to CSRF SecurityExceptions. I throw a bunch of them in several filters I use to counter other security vulnerabilities my security people have told me to fix. I suppose I could throw some other kind of exception but I'd rather not.

Looking at the SecurityException class the disallowedAction is supposed to be a 403. So my SecurityException invocations should not be setting the status code to 5xx.

What else could be?
Simpler is always better
Reply


Messages In This Thread
SecurityException Status Codes - by donpwinston - 03-27-2024, 04:26 AM
RE: SecurityException Status Codes - by kenjis - 03-27-2024, 03:50 PM
RE: SecurityException Status Codes - by kenjis - 03-31-2024, 02:43 PM
RE: SecurityException Status Codes - by kenjis - 04-01-2024, 06:21 PM



Theme © iAndrew 2016 - Forum software by © MyBB