Details
-
Suggestion
-
Resolution: Won't Do
-
None
-
None
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
Synopsis:
If you browse to a specific page in a restricted space that you don't have access to, you'll receive a 404 error stating that the page cannot be found, or perhaps that you don't have access to it.
As per Matt Ryall's comment on CONF-9239, this is to ensure that we do not "leak information about the existence or non-existence of spaces which users don't have permission to see."
A few comments later in the same ticket, Charles Miller comments that you can bypass the ambiguous 404 message to get a hard "Not Permitted" or "Doesn't Exist" error when browsing to the space key directly.
If you have a restricted space with the key "RS", and the page title is "Restricted Space Home", the following is true:
- Browsing to /display/RS/Restricted+Space+Home produces the ambigous 404 error
- Browsing to /display/RS/ displays a "Not Permitted" action.
- Browsing to /display/FOO/ (that doesn't exist) displays a "Page Not Found" error.
Attachments
Issue Links
- relates to
-
CONFCLOUD-33608 Confluence is inconsistent in error messages for restricted spaces
- Closed
-
CONFSERVER-33609 For spaces users don't have permission for, allow users to request access
- Gathering Interest
- mentioned in
-
Page Loading...