[CONFSERVER-55343] "No permission" page should return status 4xx - Create and track feature requests for Atlassian products.

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: User - Global / Space Permissions
Labels:
None

Support reference count:
1
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Problem Definition

Create some page restricted to user A.
Login Confluence with user B.
Access to the page created in step 1.
Then you will see the "No permission" screen. However it's responded as 200.

This was confirmed in Confluence 6.8.1.

Suggested Solution

It should return 403 forbidden or 404 not found.

Why this is important

When thinking of page access audit with How to Enable User Access Logging, there's no way to detect "No permission" access attempt.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

Screen_Shot_2018-04-12_at_9_17_26.png
453 kB
12/Apr/2018 12:45 AM

mentioned in: Page Failed to load; Page Failed to load

Assignee:: Unassigned

Reporter:: Nobuyuki Mukai

Votes:: 3 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 12/Apr/2018 12:40 AM

Updated:: 09/Sep/2019 5:26 AM