Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21547

HttpError for "Access denied" (1) is cached, returns "200 OK" instead

    XMLWordPrintable

    Details

      Description

      An HttpError setting exists in error.ini, to define what HTTP status header to return for certain errors.

      However, for the "Access Denied" error (code 1), only the first request actually sets this header.
      As the response is cached, any further requests will return "200 OK".

      Steps to reproduce:
      • In error.ini:
        [ErrorSettings-kernel]
        HTTPError[1]=401
        
        [HTTPError-401]
        HTTPName=Authorization Required
        
      • Clear caches
      • With anonymous account, try to access a restricted section (such as 'Media').
      • The result status is "HTTP 401: Authorization Required"
      • Now refresh the page.

      The same page will return an http status 200.
      Clearing the cache makes the next request valid again.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              joao.inacio-obsolete@ez.no Joao Inacio (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 7 hours, 50 minutes
                  7h 50m