From c2c12a9049ec321e77ee13bc7f8a9a8293596b21 Mon Sep 17 00:00:00 2001
From: Alexander Makarov <sam@rmcreative.ru>
Date: Fri, 30 Aug 2013 13:44:22 +0400
Subject: [PATCH] Fixes #829: loginRequired now responds with HTTP 403 in case
 of AJAX or loginUrl is not set

---
 framework/yii/web/User.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/framework/yii/web/User.php b/framework/yii/web/User.php
index b1ca8c2..4784063 100644
--- a/framework/yii/web/User.php
+++ b/framework/yii/web/User.php
@@ -287,10 +287,8 @@ class User extends Component
 	public function loginRequired()
 	{
 		$request = Yii::$app->getRequest();
-		if (!$request->getIsAjax()) {
+		if ($this->loginUrl !== null && !$request->getIsAjax()) {
 			$this->setReturnUrl($request->getUrl());
-		}
-		if ($this->loginUrl !== null) {
 			Yii::$app->getResponse()->redirect($this->loginUrl)->send();
 			exit();
 		} else {