Details
-
Bug
-
Resolution: Won't Fix
-
Medium
-
None
-
2.4, 2.5
-
None
Description
When global "use confluence" is not enabled for anonymous users and an anonymous user tries to visit a URL that does not exist, the 404 page will still list all spaces which have individual anonymous access enabled. Confluence should not leak this information when global anonymous access is denied.
In this scenario we should simply display a generic 404 page not found with a link to the login page.
Attachments
Issue Links
- is blocked by
-
CONFSERVER-9283 404 Action doesn't get User Information
- Closed
- is duplicated by
-
CONFSERVER-6748 All users can see spaces which have anonymous access enabled, even when anonymous access is not globally enabled.
- Closed
-
CONFSERVER-9688 Space names made visible to a non-authorised user upon entering a wrong URL
- Closed