Handling a Violated Authorization Policy
This guide will help you handle a violated Authorization Policy.
When an Authorization Policy is violated, the server by default will return an empty page with the
403 Forbidden status code. You can redirect the user to a different page or display an alert message.
To follow the steps in this tutorial, you should understand the concept of an Authorization Policy. This guide refers to an Authorization Policy created in a previous tutorial (
Handling a violated Authorization Policy is a two-step process:
- Redirect user to a page
- Display alert message
Step 1: Redirect user to a page
To redirect the user to a page after a violation, set the
redirect_to key. For example, to redirect to page
    ---
    name: only_allowed_by_johns
    redirect_to: /login
    ---
    ...
Step 2: Display alert message
To generate a flash alert message on the page that you defined as
redirect_to, use the
    ---
    name: only_allowed_by_johns
    redirect_to: /login
    flash_alert: Please login to access this page.
    ---
    ...
As with normal flash messages, you can access it in Liquid using the