From ee02fb5d92b3db2da21f6068860d418f14fac135 Mon Sep 17 00:00:00 2001
From: Bubka <858858+Bubka@users.noreply.github.com>
Date: Thu, 23 Nov 2023 12:49:42 +0100
Subject: [PATCH] Change HTTP code returned for routes rejected in reverse
 proxy setup

---
 app/Http/Middleware/RejectIfReverseProxy.php             | 2 +-
 resources/js_vue3/views/settings/OAuth.vue               | 4 ++--
 resources/js_vue3/views/settings/WebAuthn.vue            | 4 ++--
 tests/Feature/Http/Auth/WebAuthnManageControllerTest.php | 6 +++---
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/Http/Middleware/RejectIfReverseProxy.php b/app/Http/Middleware/RejectIfReverseProxy.php
index 74f80453..889ada97 100644
--- a/app/Http/Middleware/RejectIfReverseProxy.php
+++ b/app/Http/Middleware/RejectIfReverseProxy.php
@@ -20,7 +20,7 @@ class RejectIfReverseProxy
 
             return response()->json([
                 'message' => __('errors.unsupported_with_reverseproxy'),
-            ], 400);
+            ], 405);
         }
 
         return $next($request);
diff --git a/resources/js_vue3/views/settings/OAuth.vue b/resources/js_vue3/views/settings/OAuth.vue
index 6cc70d9b..e08a6fbb 100644
--- a/resources/js_vue3/views/settings/OAuth.vue
+++ b/resources/js_vue3/views/settings/OAuth.vue
@@ -46,8 +46,8 @@
             })
         })
         .catch(error => {
-            if( error.response.status === 400 ) {
-                // The backend returns a 400 response for routes with the
+            if( error.response.status === 405 ) {
+                // The backend returns a 405 response for routes with the
                 // rejectIfReverseProxy middleware
                 isRemoteUser.value = true
             }
diff --git a/resources/js_vue3/views/settings/WebAuthn.vue b/resources/js_vue3/views/settings/WebAuthn.vue
index 7fa99fe7..9f582cc8 100644
--- a/resources/js_vue3/views/settings/WebAuthn.vue
+++ b/resources/js_vue3/views/settings/WebAuthn.vue
@@ -94,8 +94,8 @@
             credentials.value = response.data
         })
         .catch(error => {
-            if( error.response.status === 400 ) {
-                // The backend returns a 400 response for routes with the
+            if( error.response.status === 405 ) {
+                // The backend returns a 405 response for routes with the
                 // rejectIfReverseProxy middleware
                 isRemoteUser.value = true
             }
diff --git a/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php b/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php
index 311bc329..45202316 100644
--- a/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php
+++ b/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php
@@ -136,7 +136,7 @@ class WebAuthnManageControllerTest extends FeatureTestCase
     {
         $response = $this->actingAs($this->user, 'reverse-proxy-guard')
             ->json('GET', '/webauthn/credentials')
-            ->assertStatus(400);
+            ->assertStatus(405);
     }
 
     /**
@@ -146,7 +146,7 @@ class WebAuthnManageControllerTest extends FeatureTestCase
     {
         $response = $this->actingAs($this->user, 'reverse-proxy-guard')
             ->json('PATCH', '/webauthn/credentials/fqsdfqsdf/name')
-            ->assertStatus(400);
+            ->assertStatus(405);
     }
 
     /**
@@ -156,7 +156,7 @@ class WebAuthnManageControllerTest extends FeatureTestCase
     {
         $response = $this->actingAs($this->user, 'reverse-proxy-guard')
             ->json('DELETE', '/webauthn/credentials/dcnskldjnkljsrn')
-            ->assertStatus(400);
+            ->assertStatus(405);
     }
 
     /**