eZ Publish / Platform / EZP-19915

Return an HTTP error code 403 by default on access denied pages (kernel error 1)

Details

    • Bug
    • Resolution: Unresolved
    • Medium
    • None
    • 2012.8, 4.7.0
    • Misc, Permissions
    • None
    • any

    Description

      When a kernel error "1" is emitted, by default eZ sends a response page with a clear error message and a login form.
      But the HTTP response code is 200.

      This can be a problem if there is any caching reverse proxy in front, or if the user has set up eZ to emit caching headers using site.ini: the page will be cached.

      Imagine the following scenario:
      1. The user visits a page as anonymous, to which he is denied access.
      2. The user logs in.
      3. The user visits the same page again (to which he now has access) => he will still see the "access denied" page unless he clicks on the "refresh" button.

      The fix: use error.ini to emit a 403 HTTP error code by default with any kernel error 1:

      [ErrorSettings-kernel]
      HTTPError[1]=403

      [HTTPError-403]
      HTTPName=Forbidden
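
An added sketch (not part of the original report and not eZ Publish code) of the three-step scenario above, using a simplified shared cache that keys on the URL only and applies a subset of the storage rules in RFC 7234 section 3; the origin, the `/restricted` URL and all names are constructed. It also shows that a 403 sent with an explicit `max-age` can still be stored, so the access-denied page should not carry caching headers.

```python
# Added illustration: simplified shared cache in front of a constructed origin.
import re

# Status codes a cache may store without explicit freshness (RFC 7231, 6.1).
HEURISTICALLY_CACHEABLE = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}

def is_storable(status, headers):
    """Simplified storage decision of a shared cache (RFC 7234, section 3)."""
    cc = headers.get("Cache-Control", "").lower()
    if "no-store" in cc or "private" in cc:
        return False
    explicit = re.search(r"(s-maxage|max-age)=\d+", cc) or "Expires" in headers
    return bool(explicit) or status in HEURISTICALLY_CACHEABLE

def origin(logged_in, denied_status, extra_headers=None):
    """Constructed origin: anonymous users get the access-denied page."""
    if logged_in:
        return 200, {"Cache-Control": "private"}, "article body"
    return denied_status, dict(extra_headers or {}), "access denied + login form"

class SharedCache:
    """Assumption: the cache key is the URL only (cookies are ignored)."""
    def __init__(self):
        self.store = {}

    def fetch(self, url, logged_in, denied_status, extra_headers=None):
        if url in self.store:  # cache hit: the origin is never consulted
            return self.store[url]
        status, headers, body = origin(logged_in, denied_status, extra_headers)
        if is_storable(status, headers):
            self.store[url] = (status, headers, body)
        return status, headers, body

def scenario(denied_status, extra_headers=None):
    """Steps 1-3 from the description; returns the body seen after login."""
    cache = SharedCache()
    cache.fetch("/restricted", False, denied_status, extra_headers)  # step 1
    # Step 2 (login) happens at the origin; step 3 is the repeat visit.
    return cache.fetch("/restricted", True, denied_status, extra_headers)[2]

if __name__ == "__main__":
    print("denied page sent as 200:", scenario(200))
    print("denied page sent as 403:", scenario(403))
    print("403 plus max-age header:", scenario(403, {"Cache-Control": "max-age=600"}))
```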

          People

            Unassigned
            gaetano.giunta-obsolete@ez.no Gaetano Giunta (Inactive)