You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
klonos
changed the title
[SR] Add a setting to use 404s instead of 403s when trying to access user pages
[SR] Add a setting to use 404s instead of 403s when trying to access user pages without the proper permission
Sep 26, 2022
This may be important. Any visit to a url such as example.com/user/n either returns 403 Forbidden, where users exist or a 404 page not found where users do not. Returning a consistent 404 may be better.
The 403 error is returned only in the case the user account exists and the account used to access the user profile does not have the View user profiles permission.
This is a follow-up to #4696 and another good candidate for #3624
See:
The text was updated successfully, but these errors were encountered: