Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SR] Add a setting to use 404s instead of 403s when trying to access user pages without the proper permission #5802

Open
klonos opened this issue Sep 26, 2022 · 2 comments
Open

[SR] Add a setting to use 404s instead of 403s when trying to access user pages without the proper permission #5802

klonos opened this issue Sep 26, 2022 · 2 comments
Labels
type - task

Comments

@klonos
Copy link
Member

klonos commented Sep 26, 2022
edited

This is a follow-up to #4696 and another good candidate for #3624

See:
@klonos klonos changed the title [SR] Add a setting to use 404s instead of 403s when trying to access user pages [SR] Add a setting to use 404s instead of 403s when trying to access user pages without the proper permission Sep 26, 2022
This was referenced Sep 26, 2022
Open
Open
@izmeez
Copy link

izmeez commented Apr 27, 2024

This may be important. Any visit to a url such as example.com/user/n either returns 403 Forbidden, where users exist or a 404 page not found where users do not. Returning a consistent 404 may be better.

@kiamlaluno
Copy link
Member

kiamlaluno commented May 6, 2024
edited

The 403 error is returned only in the case the user account exists and the account used to access the user profile does not have the View user profiles permission.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type - task
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kiamlaluno @klonos @izmeez