X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=authorize.php;h=0740e23d152880eae48d826cad511c9b780cd9a9;hp=33ffd09fc173be3807f574f6c27acb17b97e77d8;hb=46f7aedadd9c6b1bb64e72c4c0770d9b1030454f;hpb=ea0452ad570f441f151a8a083e0810c12476a134
diff --git a/authorize.php b/authorize.php
index 33ffd09..0740e23 100644
--- a/authorize.php
+++ b/authorize.php
@@ -22,6 +22,7 @@ $title->appendText('Authorization Request | KaiRo.at');
 $h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server');
 $errors = $utils->checkForSecureConnection();
+$utils->sendSecurityHeaders();
 $para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
 $para->setAttribute('id', 'jswarning');
@@ -71,7 +72,7 @@ if (!count($errors)) {
 }
 else {
 // Handle authorize request, forwarding code in GET parameters if the user has authorized your client.
- $is_authorized = (($_POST['authorized'] === 'yes') || ($request->query['scope'] == 'email'));
+ $is_authorized = ((@$_POST['authorized'] === 'yes') || ($request->query['scope'] == 'email'));
 $server->handleAuthorizeRequest($request, $response, $is_authorized, $user['id']);
 /* For testing only
 if ($is_authorized) {
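Review bot: In the first hunk (`@@ -22,6 +22,7 @@`), the added `$utils->sendSecurityHeaders();` has no comment about ordering, although it sits among DOM-building calls such as `$body->appendElement('h1', …)`. PHP can only add response headers before the body starts, so a line such as `// Must run before any output is emitted; headers cannot be added afterwards.` above the call would keep it from being moved later. The helper is defined outside this diff, so which headers it sends cannot be confirmed from here; for a consent page, the anti-framing header is the one worth verifying.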
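Review bot: In the second hunk (`@@ -71,7 +72,7 @@`), the new `@$_POST['authorized']` hides the undefined-index notice with the error-suppression operator instead of handling the missing key; `(($_POST['authorized'] ?? '') === 'yes')` gives the same result without `@`. The other operand, `$request->query['scope'] == 'email'`, is unchanged: it still reads a key that may be absent when the request omits it, and it compares loosely, so `(($request->query['scope'] ?? '') === 'email')` would match the first operand. This boolean is what gets passed to `handleAuthorizeRequest()` as the authorization decision, so explicit strict checks are preferable to suppressed warnings. The enclosing `else` block starts and ends outside the hunk.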