On Wed, 9 Aug 2017 11:38:24 +0200, Sönke Ludwig wrote:
[...]
Since redirection is implemented as returning a particular status code,
it cannot be mixed with other kinds of replies (i.e. theforbidden
response that would otherwise be generated by the thrown exception. If
both is required, you'll have to perform the redirection by setting theRefreshheader of the response object instead (with the appropriate
refresh timeout).Otherwise, you could pass any error message using a query parameter in
the call toredirect()and then simplyreturn AuthInfo.init;. Theforbiddencode would not be reported, but the destination page could
still display the message then.
Thanks for your Answer. I have a few more questions:
I tried your first suggestion, and it works as expected for me. However, of course this displays the 403 error page (blank page showing Error 403 and the Exception message) before the Refresh timeout runs out. For normal requests, It is possible to set the errorpage with @errorDisplay. Is there any possibility to do this in this case, too?
The second approach also works as expected. But still, the question remains, if it is safe to mark the call to redirect @trusted.