Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-5754

Accessing an unauthorized download directly returns a "401 Unauthorized" page, rather than "Page Not Found"

XMLWordPrintable

      If a user enters in the direct URL to an attachment, rather than being being shown the 404 "page not found" page, "401 Unauthorized" appears. It should be the 404 instead.

            [CONFSERVER-5754] Accessing an unauthorized download directly returns a "401 Unauthorized" page, rather than "Page Not Found"

            Stefan Baader added a comment -

            Jeremy,

            we just installed the version 2.1.5.a in our company (1000 User) and we have the same problem with the thumbnails. But we can't upgrade "over night" to other versions. Can you give us please a hint how to work around this bug without rolling out a complete new version?

            Stefan Baader added a comment - Jeremy, we just installed the version 2.1.5.a in our company (1000 User) and we have the same problem with the thumbnails. But we can't upgrade "over night" to other versions. Can you give us please a hint how to work around this bug without rolling out a complete new version?

            Jeremy Higgs added a comment -

            Hi Guys,

            Thanks for the suggestions. I've amended the fix to redirect anonymous users to the login page. A logged in user will get a "Page not Found" error.

            Jeremy

            Jeremy Higgs added a comment - Hi Guys, Thanks for the suggestions. I've amended the fix to redirect anonymous users to the login page. A logged in user will get a "Page not Found" error. Jeremy

            Taz added a comment -

            I agree with Amrit that the 401 page should direct to a login page.

            We have users reporting 401 errors because somone emailed them a link to an attachment and they were ether not logged in or have not set their browser to remember their login information.

            Taz added a comment - I agree with Amrit that the 401 page should direct to a login page. We have users reporting 401 errors because somone emailed them a link to an attachment and they were ether not logged in or have not set their browser to remember their login information.

            amrit lalli added a comment -

            Do you not realize how much havok this causes, when people email links to attachments in confluence, and anonymous access isnt enabled on the wiki?

            It should not be page not found. It should make you log in, and then take you to the attachment.

            Can you imagine a company using this and then constantly complaining, that people cant access their attachemnts?

            hence, make the 401 take you to the login page, with the os_destination set to the original url.

            amrit lalli added a comment - Do you not realize how much havok this causes, when people email links to attachments in confluence, and anonymous access isnt enabled on the wiki? It should not be page not found. It should make you log in, and then take you to the attachment. Can you imagine a company using this and then constantly complaining, that people cant access their attachemnts? hence, make the 401 take you to the login page, with the os_destination set to the original url.

            Jeremy Higgs added a comment -

            Fixed for 2.1.6. Directly accessing an attachment or thumbnail you don't have permission to view throws you to the 404 "page not found" error page.

            Jeremy Higgs added a comment - Fixed for 2.1.6. Directly accessing an attachment or thumbnail you don't have permission to view throws you to the 404 "page not found" error page.

              Unassigned Unassigned
              8d92d19feb5e Jeremy Higgs
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: