Confluence is inconsistent in error messages for restricted spaces

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Synopsis:

      If you browse to a specific page in a restricted space that you don't have access to, you'll receive a 404 error stating that the page cannot be found, or perhaps that you don't have access to it.

      As per Matt Ryall's comment on CONF-9239, this is to ensure that we do not "leak information about the existence or non-existence of spaces which users don't have permission to see."

      A few comments later in the same ticket, Charles Miller comments that you can bypass the ambiguous 404 message to get a hard "Not Permitted" or "Doesn't Exist" error when browsing to the space key directly.

      If you have a restricted space with the key "RS", and the page title is "Restricted Space Home", the following is true:

      1. Browsing to /display/RS/Restricted+Space+Home produces the ambiguous 404 error.
      2. Browsing to /display/RS/ displays a "Not Permitted" action.
      3. Browsing to /display/FOO/ (that doesn't exist) displays a "Page Not Found" error.
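
A regression check for the three cases above, as an added example that is not part of the original issue or of Confluence's code: it compares captured responses for a restricted space and a nonexistent one and reports whether a client without access could tell them apart. The response bodies and the 403 status are constructed sample values (the issue only gives the 404 for the page URL), and `Response`, `fingerprint` and `distinguishable` are hypothetical names.

```python
import re
from typing import NamedTuple
from urllib.parse import unquote_plus


class Response(NamedTuple):
    status: int
    body: str


def fingerprint(path: str, resp: Response) -> tuple[int, str]:
    """Reduce a response to what the client observes, minus its own request echo."""
    body = resp.body.replace(path, "<path>")
    # Error pages often echo the space key or page title; mask both the
    # URL-encoded and decoded forms so only server-chosen content remains.
    for seg in path.split("/"):
        if seg and seg != "display":
            for form in {seg, unquote_plus(seg)}:
                body = body.replace(form, "<seg>")
    body = re.sub(r"\s+", " ", body).strip().lower()
    return resp.status, body


def distinguishable(restricted: tuple[str, Response],
                    missing: tuple[str, Response]) -> bool:
    """True if the two responses differ, i.e. existence of the space leaks."""
    return fingerprint(*restricted) != fingerprint(*missing)


# Constructed sample captures, taken as a user with no access to space "RS".
AMBIGUOUS = ("Page Not Found\nThe page could not be found, "
             "or you do not have permission to view it.")
PAGE_RESTRICTED = ("/display/RS/Restricted+Space+Home", Response(404, AMBIGUOUS))
PAGE_MISSING = ("/display/FOO/Restricted+Space+Home", Response(404, AMBIGUOUS))
SPACE_RESTRICTED = ("/display/RS/",
                    Response(403, "Not Permitted\nYou cannot view space RS."))
SPACE_MISSING = ("/display/FOO/",
                 Response(404, "Page Not Found\nNo space with key FOO."))

if __name__ == "__main__":
    print("page URLs leak existence: ", distinguishable(PAGE_RESTRICTED, PAGE_MISSING))
    print("space URLs leak existence:", distinguishable(SPACE_RESTRICTED, SPACE_MISSING))
```

A consistent fix would make the second comparison return `False` as well, so the check can sit in a test suite fed with responses recorded from a staging instance.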

      Assignee: Unassigned
      Reporter: Dave Norton (Inactive)
      Votes: 2
      Watchers: 3