Login

jeroen.rottink · 08-31-2023, 12:25 PM

I have to check the IP from the client before allowing access to a page.
I test this in TContentForm.OnBeforeExecute and would like to return 403 Forbidden

Result is the exception 'Reply type already set.'

Code:
procedure TIWServerController.IWServerControllerBaseConfig(Sender: TObject);

var ContentHandler: TContentBase;

begin

  ContentHandler := TContentForm.Create('TDlgExternDisplay');

  ContentHandler.FileMustExist := False;

  ContentHandler.CanStartSession := True;

  ContentHandler.OnBeforeExecute := CheckAccessProfile;

  THandlers.Add('/externdisplay', ContentHandler);

end;

procedure TIWServerController.CheckAccessProfile(Sender: TObject; var AContinue: Boolean);

var RemoteAddr: string;

begin

  RemoteAddr := WebApplication.Request.RemoteAddr;

  if True

  then begin

    AContinue := False;

    // mark session for cleanup

    TerminateSession(WebApplication, 403, 'Forbidden');

  end;

end;

procedure TIWServerController.TerminateSession(ASession: TIWApplication; AHttpCode: integer; AHttpCodeText: string);

begin

  ASession.Response.Code := AHttpCode;

  ASession.Response.CodeText := AHttpCodeText;

  ASession.Terminate(AHttpCode.ToString + #32 + AHttpCodeText);

end;

Using IW 15.3.12

***Alexandre Machado*** · (This post was last modified: 09-17-2023, 12:56 AM by Alexandre Machado.)

Hi Jeroen,

I was able to recreate it here. That's an interesting usage of the OnBeforeExeucte method of the content handler. It required a simple fix in the content handlers logic that will be available in the next release.

BTW, you don't need to explicitly set the terminate message, once IW will return 403 - Forbidden, by default once you set the HttpCode, unless you want something different.

Cheers

Mario Villalba · 07-17-2024, 10:11 PM

(09-16-2023, 09:14 PM)Alexandre Machado Wrote: Hola Jeroen,

pude recrearlo aquí. Es un uso interesante del método OnBeforeExeucte del controlador de contenido. Requirió una corrección simple en la lógica de los controladores de contenido que estará disponible en la próxima versión.

Por cierto, no necesitas configurar explícitamente el mensaje de finalización, ya que IW devolverá 403 - Prohibido, de manera predeterminada una vez que configures el HttpCode, a menos que quieras algo diferente.

Saludos

Hello Alexandre.
You could modify the response code in the "IWServerControllerBaseExecuteRequest" event. When processing the request, if any exception is given, I need to return code 500. By directly assigning Response.Code := 500; It gives me the error 'Reply type already set.'.

***Alexandre Machado*** · 07-31-2024, 07:14 AM

(07-17-2024, 10:11 PM)Mario Villalba Wrote: Hello Alexandre.
You could modify the response code in the "IWServerControllerBaseExecuteRequest" event. When processing the request, if any exception is given, I need to return code 500. By directly assigning Response.Code := 500; It gives me the error 'Reply type already set.'.[/font][/size]

Hi Mario,

I'm not sure if I follow.

Are you trapping the exception and directly assigning Response.Code := 500 or letting the exeption flow?

Mario Villalba · 07-31-2024, 01:35 PM

(07-31-2024, 07:14 AM)Alexandre Machado Wrote:
(07-17-2024, 10:11 PM)Mario Villalba Wrote: Hello Alexandre.
You could modify the response code in the "IWServerControllerBaseExecuteRequest" event. When processing the request, if any exception is given, I need to return code 500. By directly assigning Response.Code := 500; It gives me the error 'Reply type already set.'.[/font][/size]

Hi Mario,

I'm not sure if I follow.

Are you trapping the exception and directly assigning Response.Code := 500 or letting the exeption flow?

Hello Alexandre.
I was able to solve it now. When catching the exception I was directly assigning "Response.Code := 500;" without first resetting the response "Response.ResetReplyType;"
Thank you so much

Login
Username:
Password:	Lost Password?
	Remember me