if we get a 403 we need to know if we do not have enough rights or login...#134

Closed
nkenneweg wants to merge 1 commit into master from feature/ajax_session_loss

@nkenneweg
Contributor

... is needed.

still needs tests!

@apfelfabrik
Contributor

I am not sure about the reason being included here.
One could argue that 403 is 403, providing reasons only reveals information and opens new attack vectors. If there is no status code that distinguishes these two scenarios in HTTP, you're probably doing it wrong.

@nkenneweg
Contributor Author

403 only means that you are not allowed to access the current page (forbidden).
The reason for this can either be missing user rights or not being logged in at all, which we want to differentiate.
This is just a possible solution, which from my point of view is the easiest way. One could also argue that when getting a 403 one should ask the server if the session is still valid, but this would mean another (unnecessary) request, which I would like to avoid.

@nkenneweg nkenneweg closed this Jun 7, 2013
@nkenneweg nkenneweg reopened this Jun 7, 2013
@nkenneweg nkenneweg closed this Jun 7, 2013
@mfrister mfrister deleted the feature/ajax_session_loss branch July 11, 2013 13:33
wielinde added a commit that referenced this pull request May 22, 2026
… (FEASIBILITY)

Feasibility-study draft showing the openproject-side consumer changes
that go with op-blocknote-extensions v0.1.0 (opf/op-blocknote-extensions
PRs #133 and #134, not yet merged):

frontend
- @blocknote/{core,mantine,react}: ^0.44.2 → ^0.51.0
- op-blocknote-extensions: v0.0.26 → v0.1.0 (URL not live yet)
- OpBlockNoteEditor.tsx: BlockNote 0.51 tightened CollaborationOptions —
  omit the whole `collaboration` block when no hocuspocusProvider is
  wired up; cast the provider at the boundary because Hocuspocus's
  `awareness: Awareness | null` doesn't match BlockNote's
  `Awareness | undefined`.

hocuspocus (extensions/op-blocknote-hocuspocus)
- @blocknote/server-util: ^0.44.2 → ^0.51.0
- @blocknote/core (dev): ^0.44.2 → ^0.51.0
- op-blocknote-extensions: v0.0.18 → v0.1.0
- openProjectApi.ts: import the static specs from the new
  `op-blocknote-extensions/server` subpath (keeps @blocknote/react out
  of Node); align schema key with the post-refactor block type
  ("openProjectWorkPackage" → "openProjectWorkPackageBlock"); register
  the inline static spec so inline work-package chips survive the
  markdown export.

Lockfiles intentionally not regenerated: the v0.1.0 GitHub URL doesn't
resolve yet. Reviewers should treat this PR as a feasibility study, not
a mergeable artefact.

Refs: https://community.openproject.org/wp/74654

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>