Return 404 for non-public profiles instead of 403 #171

Open
wunc opened this issue Nov 14, 2024 · 0 comments
Collaborator

wunc commented Nov 14, 2024

In cases where a profile is not public and the user is not logged in or not authorized to view it, we should probably return a 404 instead of a 403 because the latter reveals the existence of the profile (and is also confusing to non-logged-in users).

We can probably use `Response::denyAsNotFound()` in the policy. See https://laravel.com/docs/10.x/authorization#customising-policy-response-status
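
A sketch of the policy change suggested in the comment above, added here as an example; it is not code from this project or from the issue author. The `Profile` model, its `public` flag, the `user_id` ownership column and the owner-only rule are assumptions made for illustration.

```php
<?php

namespace App\Policies;

use App\Models\Profile; // hypothetical model name
use App\Models\User;
use Illuminate\Auth\Access\Response;

class ProfilePolicy
{
    /**
     * Decide whether a profile may be viewed.
     *
     * The nullable ?User type hint lets the gate pass guests through to this
     * method; without it, unauthenticated requests are denied before the
     * policy runs and never reach the 404 branch below.
     */
    public function view(?User $user, Profile $profile): Response
    {
        // Assumption: a boolean "public" attribute marks visible profiles.
        if ($profile->public) {
            return Response::allow();
        }

        // Assumption: the profile owner is stored in profiles.user_id.
        if ($user !== null && $user->id === $profile->user_id) {
            return Response::allow();
        }

        // Guests and unauthorized users receive the same 404 status that a
        // nonexistent profile produces, so the status code no longer
        // confirms that a private profile exists.
        return Response::denyAsNotFound();
    }
}
```

The 404 is produced when the check runs through `authorize()` or the `can` middleware; `Gate::allows()` only returns `false`, so the caller must then respond with the same 404 it uses for a missing profile.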
