Returning an HTTP 403 from %CSP.SessionEvents:OnStartRequest
Is there a way, given a %CSP.SessionEvents subclass, to simply return an HTTP 403 error status from OnStartRequest?
If I return an error %Status from the method, it'll go to the error page; if I don't, it's always a 200 OK and the page continues to render.
Product version: IRIS 2021.2
$ZV: IRIS for Windows (x86-64) 2021.2 (Build 651U) Mon Jan 31 2022 17:39:04 EST
Try this:
ClassMethod OnStartRequest() As %Status { #dim %response As %CSP.Response ;s %response.ContentType="text/html",%response.Expires=-1 s %response.Status=##class(%CSP.REST).#HTTP403FORBIDDEN q $$$OK }Or this:
/// Event handler for <b>PreHTTP</b> event: this is invoked before /// the HTTP headers for a CSP page have been sent. All changes to the /// <class>%CSP.Response</class> class, such as adding cookies, HTTP headers, /// setting the content type etc. must be made from within the OnPreHTTP() method. /// Also changes to the state of the CSP application such as changing /// %session.EndSession or %session.AppTimeout must be made within the OnPreHTTP() method. /// It is prefered that changes to %session.Preserve are also made in the OnPreHTTP() method /// as this is more efficient, although it is supported in any section of the page. /// Return <b>0</b> to prevent <method>OnPage</method> from being called. ClassMethod OnPreHTTP() As %Boolean [ ServerOnly = 1 ] { s %response.Status="403 Forbidden" q 0 }Here's the problem:
The solution might be using a custom error page too.
Simple solution:
Create a class extending %CSP.Page with:
ClassMethod OnPreHTTP() As %Boolean { Set %response.Status = ##class(%CSP.REST).#HTTP403FORBIDDEN Quit 0 }From the %CSP.SessionEvents subclass, in OnStartRequest: