Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Won't Do
Fix Version/s: None
Component/s: None
Labels:

Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

Synopsis:

If you browse to a specific page in a restricted space that you don't have access to, you'll receive a 404 error stating that the page cannot be found, or perhaps that you don't have access to it.

As per Matt Ryall's comment on CONF-9239, this is to ensure that we do not "leak information about the existence or non-existence of spaces which users don't have permission to see."

A few comments later in the same ticket, Charles Miller comments that you can bypass the ambiguous 404 message to get a hard "Not Permitted" or "Doesn't Exist" error when browsing to the space key directly.

If you have a restricted space with the key "RS", and the page title is "Restricted Space Home", the following is true:

Browsing to /display/RS/Restricted+Space+Home produces the ambigous 404 error
Browsing to /display/RS/ displays a "Not Permitted" action.
Browsing to /display/FOO/ (that doesn't exist) displays a "Page Not Found" error.

Attachments

Issue Links

relates to

CONFCLOUD-33608 Confluence is inconsistent in error messages for restricted spaces

Closed

CONFSERVER-33609 For spaces users don't have permission for, allow users to request access

Gathering Interest

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Dave Norton

Votes:: 2 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/May/2014 12:14 AM

Updated:: 19/Sep/2019 5:28 AM

Resolved:: 21/Dec/2017 8:19 AM