Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: Customer request, 4.5 Maintenance, 4.6 Maintenance, 4.7 Maintenance, 5.0 Maintenance, 5.1 Maintenance, 5.2-beta1
Affects Version/s: 4.6.0, 4.7.0, 5.0, 5.1
Component/s: Misc
Labels:
None

Description

An HttpError setting exists in error.ini, to define what HTTP status header to return for certain errors.

However, for the "Access Denied" error (code 1), only the first request actually sets this header.
As the response is cached, any further requests will return "200 OK".

Steps to reproduce:

In error.ini:

[ErrorSettings-kernel]
HTTPError[1]=401

[HTTPError-401]
HTTPName=Authorization Required

Clear caches
With anonymous account, try to access a restricted section (such as 'Media').
The result status is "HTTP 401: Authorization Required"
Now refresh the page.

The same page will return an http status 200.
Clearing the cache makes the next request valid again.

Attachments

Issue Links

relates to

EZP-19915 return an http error code 403 by default on access denied pages (kernel error 1)

Open

EZP-21337 Return correct HTTP code for access denied page

Closed

EZP-21682 Hide / reveal doesn't expire cache in DFS

Closed

EZP-25922 kernel error 3 (not available) 404 errors are being cached

Closed

EZP-22472 Incorrect error handling

Closed

EZP-22796 Response for "Access denied" (1) error is cached when ErrorHandler=redirect

Confirmed

links to

PR ezpublish#758

(1 relates to, 1 links to)

Activity

People

Assignee:: Unassigned

Reporter:: Joao Inacio (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 10/Sep/13 10:21 PM

Updated:: 21/Jun/16 2:48 PM

Resolved:: 20/Sep/13 3:24 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

7h 50m