
Review consistency of responses to visiting inaccessible SimpleContent pages #501

Open
CrispinF opened this issue Mar 28, 2020 · 0 comments


Visiting a SimpleContent page that you don't have permissions for returns a 404 "Page not found". This seems undesirable - it should be 401 or 403 or a 302 redirect to the login page (see debates on e.g. https://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses).

Visiting a cloudscribe administrative page when unauthenticated returns a 302 and redirects to the login page e.g. /account/login?ReturnUrl=%2Fsiteadmin

Visiting a cloudscribe administrative page when authenticated but without correct permissions returns a 302 and redirects to the Access Denied page e.g. /account/accessdenied?ReturnUrl=%2Fsiteadmin

If we take the behaviour for the administrative pages as desirable, then we should make SimpleContent CMS pages/posts behave the same way. If the visited URL exists, and the user is unauthenticated, we should 302 to the login page with returnurl. If the user is authenticated with insufficient privileges, we should 302 to the Access Denied page.
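The response matrix proposed above, sketched as an ASP.NET Core minimal API with cookie authentication. This is an added example, not part of the original issue and not cloudscribe's own code. The page slugs, the `Members` role and the in-memory `pages` store are hypothetical; the two paths are the ones quoted in the issue.

```csharp
// Added illustration, not cloudscribe code. Slugs, role name and page store are constructed.
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // Paths taken from the URLs quoted in the issue.
        options.LoginPath = "/account/login";
        options.AccessDeniedPath = "/account/accessdenied";
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Constructed content store: slug -> role required to view it (null = public page).
var pages = new Dictionary<string, string?>(StringComparer.OrdinalIgnoreCase)
{
    ["about"] = null,
    ["members-only"] = "Members",
};

app.MapGet("/{slug}", (string slug, HttpContext http) =>
{
    // The URL does not exist at all: a real 404.
    if (!pages.TryGetValue(slug, out var requiredRole))
        return Results.NotFound();

    if (requiredRole is null)
        return Results.Text($"public page: {slug}");

    // Exists, visitor unauthenticated: the cookie handler turns the challenge
    // into a 302 to /account/login?ReturnUrl=%2Fmembers-only.
    if (http.User.Identity?.IsAuthenticated != true)
        return Results.Challenge();

    // Exists, visitor authenticated but lacking the role: the cookie handler
    // turns Forbid into a 302 to /account/accessdenied?ReturnUrl=%2Fmembers-only.
    if (!http.User.IsInRole(requiredRole))
        return Results.Forbid();

    return Results.Text($"protected page: {slug}");
});

app.Run();
```

With this mapping an unknown slug still returns 404 while a protected one redirects, so the redirect itself tells an anonymous visitor that the URL exists.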
