Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to distinguish among errors due to anoymous access? #397

Open
yxiang92128 opened this issue May 5, 2021 · 1 comment
Open

How to distinguish among errors due to anoymous access? #397

yxiang92128 opened this issue May 5, 2021 · 1 comment

Comments

@yxiang92128
Copy link

We have observed that the SDK returns the same http code as 404 and the same error message as “The specified resource does not exist.” to the following three cases:

  1. List against a non-existing container with empty anonymous credential because that container is not there.
  2. List against a private container with empty anonymous credential because container is not enabled for anonymous access.
  3. List against an anonymous-blob-only container with empty anonymous credential because container level access is prohibited for anonymous user.

I wonder if at least for case 2 and 3, it should return HTTP code 403 instead?

Thanks,

Yang
@Jinming-Hu
Copy link
Member

Both Case 2 and 3 are by design. So that malicious users cannot detect if a container exists.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yxiang92128 @Jinming-Hu