/**
 * Turns a SecurityException raised during controller dispatch into an HTTP
 * response; every other exception is rethrown unchanged.
 *
 * Ajax requests receive a JSON body containing the exception message, with
 * the exception code passed as the response status. Non-ajax requests are
 * redirected to the URL returned by linkToAbsolute('index.php', '').
 *
 * NOTE(review): the exception message is sent to the client verbatim and the
 * exception code is used as the HTTP status without being validated here.
 * Confirm that every SecurityException is built with a client-safe message
 * and a valid HTTP status code.
 *
 * @param Controller $controller the controller that is being called
 * @param string $methodName the name of the method that will be called on
 *                           the controller
 * @param \Exception $exception the thrown exception
 * @throws \Exception the passed in exception when it is not a SecurityException
 * @return Response the JSON error or redirect response; null is never
 *                  returned, unhandled exceptions are rethrown instead
 */
public function afterException($controller, $methodName, \Exception $exception)
{
    // Guard clause: only security failures are translated into responses.
    if (!($exception instanceof SecurityException)) {
        throw $exception;
    }

    $message = $exception->getMessage();
    $status = $exception->getCode();

    if ($exception->isAjax()) {
        $response = new JSONResponse(array('message' => $message), $status);
    } else {
        // TODO: replace with link to route
        $indexUrl = $this->api->linkToAbsolute('index.php', '');
        $response = new RedirectResponse($indexUrl);
    }

    // NOTE(review): security denials are recorded at 'debug' level only. If
    // the deployment's log threshold is above debug, these events will not
    // appear in the log. Confirm this is acceptable for audit and detection.
    $this->api->log($message, 'debug');

    // in case of HTTP auth we need to send the appropriate headers
    $needsAuthChallenge = $this->isAPICall && $status === Http::STATUS_UNAUTHORIZED;
    if ($needsAuthChallenge) {
        $response->addHeader('WWW-Authenticate', 'Basic realm="Authorisation Required"');
    }

    return $response;
}