fix: ensure proper handling of 403 Forbidden response with appropriate headers

Author: yannicktrinh

Project/Sources/Methods/_onWebConnection.4dm

@@ -14,7 +14,7 @@ End if
 If ($URL=$redirectURI)
 
 	var $options : Object:={redirectURI: $redirectURI; state: $state}
-
+	
 	ARRAY TEXT($names; 0)
 	ARRAY TEXT($values; 0)
 	WEB GET VARIABLES($names; $values)
@@ -37,6 +37,15 @@ If ($URL=$redirectURI)
 		var $contentType : Text:="Content-Type: text/html"
 		WEB SET HTTP HEADER($contentType)
 		WEB SEND RAW DATA($responseBody)
+	Else 
+		
+		// Send a 403 status line
+		// This is not strictly necessary, but it makes it clear that the request was forbidden
+		// and not just a 404 Not Found
+		var $statusLine : Text:="X-STATUS: 403 Forbidden"
+		WEB SET HTTP HEADER($statusLine)
+		var $errorBody : Text:="<html><body><h1>403 Forbidden</h1><p>Access denied</p></body></html>"
+		WEB SEND TEXT($errorBody; "text/html")
 	End if 
 
 End if