Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-55343

"No permission" page should return status 4xx

XMLWordPrintable

    • 1
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      1. Create some page restricted to user A.
      2. Login Confluence with user B.
      3. Access to the page created in step 1.
        Then you will see the "No permission" screen. However it's responded as 200.

      This was confirmed in Confluence 6.8.1.

      Suggested Solution

      It should return 403 forbidden or 404 not found.

      Why this is important

        1. Screen_Shot_2018-04-12_at_9_17_26.png
          Screen_Shot_2018-04-12_at_9_17_26.png
          453 kB

            [CONFSERVER-55343] "No permission" page should return status 4xx

            Sen Geronimo made changes -
            Workflow Original: JAC Suggestion Workflow 4 [ 3563836 ] New: JAC Suggestion Workflow 3 [ 4341102 ]
            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow 2 [ 3171109 ] New: JAC Suggestion Workflow 4 [ 3563836 ]
            Renan Battaglin made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 449125 ]
            Renan Battaglin made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 447505 ]
            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3032116 ] New: JAC Suggestion Workflow 2 [ 3171109 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing v4 [ 2656325 ] New: JAC Suggestion Workflow [ 3032116 ]
            SET Analytics Bot made changes -
            Support reference count New: 1
            Nobuyuki Mukai made changes -
            Description Original: h3. Problem Definition
             # Create some page restricted to user A.
             # Login Confluence with user B.
             # Access to the page created in step 1.
             Then you will see the "No permission" screen. However it's responded as 200.

            !Screen_Shot_2018-04-12_at_9_17_26.png|width=680,height=332!
            h3. Suggested Solution

            It should return 403 forbidden or 404 not found.
            h3. Why this is important
             * When thinking of page access audit with [How to Enable User Access Logging|https://confluence.atlassian.com/confkb/how-to-enable-user-access-logging-182943.html], there's no way to detect "No permission" access attempt.             		New: h3. Problem Definition
             # Create some page restricted to user A.
             # Login Confluence with user B.
             # Access to the page created in step 1.
             Then you will see the "No permission" screen. However it's responded as 200.

            !Screen_Shot_2018-04-12_at_9_17_26.png|width=680,height=332!

            This was confirmed in Confluence 6.8.1.
            h3. Suggested Solution

            It should return 403 forbidden or 404 not found.
            h3. Why this is important
             * When thinking of page access audit with [How to Enable User Access Logging|https://confluence.atlassian.com/confkb/how-to-enable-user-access-logging-182943.html], there's no way to detect "No permission" access attempt.
            Nobuyuki Mukai made changes -
            Link New: This issue relates to CONFSERVER-39650 [ CONFSERVER-39650 ]
            Nobuyuki Mukai made changes -
            Attachment Original: Screen Shot 2018-04-12 at 9.17.26.png [ 313071 ]

              Unassigned Unassigned
              nmukai Nobuyuki Mukai
              Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: