http 403 should be returned for private content

[mark-k]

Right now a 404 is returned which indicates that there is no content at the URL while all you need to do in order to see it is to login.

Same probably applies to posts which where published and returned to draft state.

[mark-k]

on second thought maybe it is better to simply redirect to the login page

[TobiasBg]

Both the 403 and the redirect would reveal that there is private content at that URL, which might not be the desired behavior.

[mark-k]

Replying to TobiasBg:

Both the 403 and the redirect would reveal that there is private content at that URL, which might not be the desired behavior.

I see where you coming from but I disagree. No one just scans addresses in a hope that he will discover by pure chance that at address X there is a content he can't even guess anything about. I assume that most people get to this kind of URL because they got it in mail or SMS and they know they are supposed to be able to access the content, but what they see is a "no content here" page.

[nacin]

Private is not meant to be "you need an account" private. It is meant to be "it doesn't exist" private. Let's not tip our hats with a 403.