Merge pull request #210 from Amsterdam/dpsecure-secupgrade

Proper handling of access denied exception when not matching expected
Schulddossier · Aug 3, 2020 · 56323a8 · 56323a8
2 parents c7cbe93 + e378827
commit 56323a8
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/Security/AccessDeniedHandler.php b/src/Security/AccessDeniedHandler.php
@@ -49,5 +49,7 @@ public function handle(Request $request, AccessDeniedException $accessDeniedExce
                 'message' => 'Gebruikerstype is onbekend. [' . $user->getEmail() . ']',
             ]), Response::HTTP_FORBIDDEN);
         }
+
+        return new Response($accessDeniedException->getMessage(), Response::HTTP_FORBIDDEN);
     }
 }