Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Set Response 403 from TContentForm.OnBeforeExecute
#1
I have to check the IP from the client before allowing access to a page.
I test this in TContentForm.OnBeforeExecute and would like to return 403 Forbidden

Result is the exception 'Reply type already set.'


Code:
procedure TIWServerController.IWServerControllerBaseConfig(Sender: TObject);
var ContentHandler: TContentBase;
begin
  ContentHandler := TContentForm.Create('TDlgExternDisplay');
  ContentHandler.FileMustExist := False;
  ContentHandler.CanStartSession := True;
  ContentHandler.OnBeforeExecute := CheckAccessProfile;
  THandlers.Add('/externdisplay', ContentHandler);
end;

procedure TIWServerController.CheckAccessProfile(Sender: TObject; var AContinue: Boolean);
var RemoteAddr: string;
begin
  RemoteAddr := WebApplication.Request.RemoteAddr;
  if True
  then begin
    AContinue := False;
    // mark session for cleanup
    TerminateSession(WebApplication, 403, 'Forbidden');
  end;
end;

procedure TIWServerController.TerminateSession(ASession: TIWApplication; AHttpCode: integer; AHttpCodeText: string);
begin
  ASession.Response.Code := AHttpCode;
  ASession.Response.CodeText := AHttpCodeText;
  ASession.Terminate(AHttpCode.ToString + #32 + AHttpCodeText);
end;

Using IW 15.3.12
Reply
#2
Hi Jeroen,

I was able to recreate it here. That's an interesting usage of the OnBeforeExeucte method of the content handler. It required a simple fix in the content handlers logic that will be available in the next release.

BTW, you don't need to explicitly set the terminate message, once IW will return 403 - Forbidden, by default once you set the HttpCode, unless you want something different.

Cheers
Reply
#3
(09-16-2023, 09:14 PM)Alexandre Machado Wrote: Hola Jeroen,

pude recrearlo aquí. Es un uso interesante del método OnBeforeExeucte del controlador de contenido. Requirió una corrección simple en la lógica de los controladores de contenido que estará disponible en la próxima versión.

Por cierto, no necesitas configurar explícitamente el mensaje de finalización, ya que IW devolverá 403 - Prohibido, de manera predeterminada una vez que configures el HttpCode, a menos que quieras algo diferente.

Saludos

Hello Alexandre.
You could modify the response code in the "IWServerControllerBaseExecuteRequest" event. When processing the request, if any exception is given, I need to return code 500. By directly assigning Response.Code := 500; It gives me the error 'Reply type already set.'.
Reply
#4
(07-17-2024, 10:11 PM)Mario Villalba Wrote: Hello Alexandre.
You could modify the response code in the "IWServerControllerBaseExecuteRequest" event. When processing the request, if any exception is given, I need to return code 500. By directly assigning Response.Code := 500; It gives me the error 'Reply type already set.'.[/font][/size]

Hi Mario,

I'm not sure if I follow.

Are you trapping the exception and directly assigning Response.Code := 500 or letting the exeption flow?
Reply
#5
(07-31-2024, 07:14 AM)Alexandre Machado Wrote:
(07-17-2024, 10:11 PM)Mario Villalba Wrote: Hello Alexandre.
You could modify the response code in the "IWServerControllerBaseExecuteRequest" event. When processing the request, if any exception is given, I need to return code 500. By directly assigning Response.Code := 500; It gives me the error 'Reply type already set.'.[/font][/size]

Hi Mario,

I'm not sure if I follow.

Are you trapping the exception and directly assigning Response.Code := 500 or letting the exeption flow?

Hello Alexandre.
I was able to solve it now. When catching the exception I was directly assigning "Response.Code := 500;" without first resetting the response "Response.ResetReplyType;"
Thank you so much
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)