From b1080c1e1a187bd05e0efb2f9e66e3c836f3461b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Fri, 27 Mar 2020 15:30:52 +0100
Subject: [PATCH 1/2] Don't set header if user don't have access

---
 access.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/access.lua b/access.lua
index 9f410e2..ff17645 100644
--- a/access.lua
+++ b/access.lua
@@ -318,7 +318,7 @@ end
 
 if longest_unprotected_match ~= ""
 and string.len(longest_unprotected_match) > string.len(longest_protected_match) then
-    if hlp.is_logged_in() then
+    if hlp.is_logged_in() and hlp.has_access() then
         serveYnhpanel()
 
         hlp.set_headers()

From ef3d6af9e0560051278b35066608b9d9a43031f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Fri, 27 Mar 2020 15:38:41 +0100
Subject: [PATCH 2/2] Dont't set header but serve ynhpanel

---
 access.lua | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/access.lua b/access.lua
index ff17645..6a51b42 100644
--- a/access.lua
+++ b/access.lua
@@ -318,10 +318,11 @@ end
 
 if longest_unprotected_match ~= ""
 and string.len(longest_unprotected_match) > string.len(longest_protected_match) then
-    if hlp.is_logged_in() and hlp.has_access() then
+    if hlp.is_logged_in() then
         serveYnhpanel()
-
-        hlp.set_headers()
+        if hlp.has_access() then
+            hlp.set_headers()
+        end
     end
     logger.debug(ngx.var.uri.." is in unprotected_urls")
     return hlp.pass()