fix: unauthorized admin should receive 403 code

4 years ago · 4cd6fe8a56
1 changed files with 1 additions and 1 deletions
--- a/server/controllers/common.js
+++ b/server/controllers/common.js
@ -47,7 +47,7 @@ router.get(['/a', '/a/*'], (req, res, next) => {
    'manage:api'
  ])) {
    _.set(res.locals, 'pageMeta.title', 'Unauthorized')
-    return res.render('unauthorized', { action: 'view' })
+    return res.status(403).render('unauthorized', { action: 'view' })
  }

  _.set(res.locals, 'pageMeta.title', 'Admin')