When a user attempts to access content that he has no read access to, an error 500 is thrown, instead of a 403. That makes it difficult for developers to implement a custom handler for access denied situations.
- Create a folder in the back end
- Open it, as anonymous, in the front end
- Switch it to restricted section
- Refresh the front end page
=> expected result: a 403 exception
=> actual result: 500 exception