X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-flexible.pm;h=e52441b802b1647dff1f927fd7018ee7aa959827;hp=5e5d0449ad536d2d7b3eaba51bb4ab27e94bf6a7;hb=4b63ec666089ffd49b6b83c787a3a9a980bcf6a9;hpb=b93e3cc7eae3bfc87474afb3be8458647f61a2aa

diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index 5e5d044..e52441b 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -758,11 +758,11 @@ sub construct_cookie ($$$) {
     #  y   nt  POST   r u     intra-site request from stale page
     #                           fail
     #
-    #  -/n y2  GET   nr       intra-site link from cleared session
+    #  -n  y2  GET   nr       intra-site link from cleared session
     #                           do not revoke y2 as not RESTful
     #                           treat as   -/n n GET
     #
-    #  -/n y2  POST  nrmu     request from cleared session
+    #  -n  y2  POST  nrmu     request from cleared session
     #                           revoke y2
     #                           treat as   -/n n POST
     #
@@ -1360,7 +1360,7 @@ sub check_nonpage ($$) {
     my ($r, $reqtype) = @_;
     $r->_assert_checked();
     return unless $r->resource_get_needs_secret_hidden($reqtype);
-    return if $r->{ParmT};
+    return if $r->{ParmT} eq 'y';
     die "missing hidden secret parameter on nonpage request $reqtype";
 }