Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-8634

Bamboo REST resources are returning 403 responses when not logged in. They should return 401

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 3.1 RC1, 3.1
    • None
    • REST API
    • None

    Description

      Bamboo returns 403 responses when trying to access a REST resource unauthorised. According to the spec 403 means:

      The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

      In this case authorisation will help however so REST resources should really return 401 errors.

      Attachments

        Activity

          People

            jdumay James Dumay
            andreask@atlassian.com Andreas Knecht (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: