Requests for non-existing content receive an HTTP 302 response from Confluence instead of HTTP 404 when using a Personal Access Token.

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • Affects Version/s: 9.2.0
    • Component/s: Personal Access Tokens
    • Severity 3 - Minor

      Issue Summary

      Requests for non-existing content receive an HTTP 302 response from Confluence instead of HTTP 404 when using a Personal Access Token.

      This is reproducible on Data Center: (yes) / (no)

      Steps to Reproduce

      1. Created a Confluence 9.2.0 environment
      2. Created a space with the name Test
      3. Created a PAT for the user to send requests to Confluence
      4. Sent the request below for non-existing content:
        curl -v -H "Authorization: Bearer $PAT" -l https://<Confluence Base URL>/plugins/servlet/confluence/default/Global/TES2
        > 302
        

      Expected Results

      The expected response code for non-existing content on Confluence is HTTP 404, as is returned when using basic authentication:

      curl -v -H "Authorization: Basic <passwd>" -l https://<Confluence Base URL>/plugins/servlet/confluence/default/Global/TES2
      > 404
      

      Actual Results

      Confluence redirects the end user to login.action with an HTTP 302 response code for non-existing content when using a PAT:

      curl -v -H "Authorization: Bearer $PAT" -l https://<Confluence Base URL>/download/attachments/131129/peak2.jpeg
      >> 302 
      < location: /confluence/login.action?os_destination=%2Fdownload%2Fattachments%2F131129%2Fpeak2.jpeg&permissionViolation=true
      

      Workaround

      There is no available workaround for this problem.

              Assignee: Unassigned
              Reporter: Kaan Çalışkan (Inactive)
              Votes: 1
              Watchers: 3
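A client-side check for the redirect shown under Actual Results, as an added example that is not part of the original report or Atlassian's code: it classifies a response fetched without following redirects, so an API script does not mistake the login redirect for existing content. It does not change what Confluence returns; the function name `classify`, the verdict strings and the sample responses are assumptions constructed from the output quoted in the report.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed samples modelled on the report's curl output: (status, headers).
SAMPLE_PAT = (302, {
    "location": "/confluence/login.action?os_destination="
                "%2Fdownload%2Fattachments%2F131129%2Fpeak2.jpeg"
                "&permissionViolation=true",
})
SAMPLE_BASIC = (404, {})

REDIRECT_CODES = (301, 302, 303, 307, 308)


def classify(status, headers):
    """Return (verdict, detail) for a response fetched WITHOUT following redirects."""
    # Header names are case-insensitive; curl prints "location:" in lower case.
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if status == 404:
        return ("not_found", None)
    if 200 <= status < 300:
        return ("ok", None)
    if status in REDIRECT_CODES and location:
        url = urlsplit(location)
        query = parse_qs(url.query)
        if url.path.endswith("/login.action"):
            # os_destination holds the originally requested path (URL-decoded here).
            dest = query.get("os_destination", [None])[0]
            if query.get("permissionViolation") == ["true"]:
                return ("login_redirect_permission_violation", dest)
            return ("login_redirect", dest)
        return ("redirect", location)
    return ("error", None)


if __name__ == "__main__":
    for name, sample in (("PAT", SAMPLE_PAT), ("Basic", SAMPLE_BASIC)):
        print(name, classify(*sample))
```
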