Opened 10 years ago
Closed 9 years ago
#23407 closed defect (bug) (invalid)
http 403 should be returned for private content
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.4 |
| Component: | General | Keywords: | |
| Focuses: | | Cc: | |
Description
Right now a 404 is returned, which indicates that there is no content at the URL, while all you need to do in order to see it is to log in.
The same probably applies to posts which were published and returned to draft state.
Change History (4)
#2, follow-up: ↓ 3, 10 years ago
Both the 403 and the redirect would reveal that there is private content at that URL, which might not be the desired behavior.
#3, in reply to: ↑ 2, 10 years ago
Replying to TobiasBg:
> Both the 403 and the redirect would reveal that there is private content at that URL, which might not be the desired behavior.
I see where you're coming from, but I disagree. No one just scans addresses in the hope that he will discover by pure chance that at address X there is content he can't even guess anything about. I assume that most people get to this kind of URL because they got it in mail or SMS and they know they are supposed to be able to access the content, but what they see is a "no content here" page.
On second thought, maybe it is better to simply redirect to the login page.
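The trade-off raised in comment #2, as an added example that is not part of the ticket or of WordPress itself: a small Python model of what an anonymous visitor observes under each response policy discussed above, which a site owner could adapt into a regression check. The sample paths, the policy functions and the fourth "redirect everywhere" variant are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import quote

LOGIN = "/wp-login.php?redirect_to="  # WordPress login URL with a return path


@dataclass(frozen=True)
class Response:
    status: int
    location: str = ""  # Location header; empty when absent


# Each policy models the answer an anonymous visitor gets for a path.
# `private` is True when a private post lives there, False when nothing does.
def keep_404(path, private):
    return Response(404)


def send_403(path, private):
    return Response(403) if private else Response(404)


def login_redirect(path, private):
    return Response(302, LOGIN + quote(path, safe="")) if private else Response(404)


def login_redirect_everywhere(path, private):
    # Hypothetical variant, not proposed in the ticket: same redirect for both.
    return Response(302, LOGIN + quote(path, safe=""))


def fingerprint(resp, path):
    """What the visitor observes, with the echoed request path factored out."""
    return (resp.status, resp.location.replace(quote(path, safe=""), "{path}"))


def leaks_existence(policy, private_path="/?p=101", missing_path="/?p=999"):
    """True if an anonymous visitor can tell a private post from no post."""
    seen_private = fingerprint(policy(private_path, True), private_path)
    seen_missing = fingerprint(policy(missing_path, False), missing_path)
    return seen_private != seen_missing


def report():
    policies = [keep_404, send_403, login_redirect, login_redirect_everywhere]
    return {p.__name__: leaks_existence(p) for p in policies}


if __name__ == "__main__":
    for name, leaks in report().items():
        print(f"{name:28} leaks existence: {leaks}")
```

Only the policies that answer a private URL and an empty URL identically keep the existence of private content hidden from visitors who are not logged in.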