Show the sign-in page when a user is not signed in and tries to access a confidential issue

Description

When a user is not signed in and tries to access a confidential issue, the user gets a 404 error page. This is a bit surprising for the user as it is the same as if the URL was wrong or the issue had been deleted.

Issues are numbered starting from 1, so someone who is not authenticated could try all the numbers starting from 1 to see which are the confidential ones. So it looks like we wouldn't be giving much more information away by sending back a 403 error or redirecting to the sign-in page, instead of sending back a 404 error.

Proposal

When users are not signed in and try to access a confidential issue, let's redirect them to the sign-in page. If they are already signed in and don't have the rights to access the confidential issue, let's send back a 403 error.

Links / references

This was discussed internally on Slack:

https://gitlab.slack.com/archives/C0AR2KW4B/p1520660330000036

Edited Jun 21, 2025 by 🤖 GitLab Bot 🤖
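
The following Ruby model is an added example, not GitLab's code and not part of the original issue. It puts the current 404 behaviour beside the proposed redirect/403 behaviour and shows which issue numbers each one lets a viewer tell apart. The sign-in path, the membership check and the sample project are assumptions constructed for illustration.

```ruby
# Added example: a model of the two response policies, not GitLab's code.
SIGN_IN_PATH = "/users/sign_in" # assumed sign-in route

# Hypothetical permission check: only listed members may read a confidential issue.
def can_read?(issue, viewer)
  !viewer.nil? && issue[:members].include?(viewer)
end

# Current behaviour described in the issue: every denied access is a 404.
def current_policy(issue, viewer)
  return [404, nil] if issue.nil?
  return [200, nil] if !issue[:confidential] || can_read?(issue, viewer)
  [404, nil]
end

# Proposed behaviour: redirect anonymous viewers, 403 for signed-in viewers
# without rights, 404 only when the issue does not exist.
def proposed_policy(issue, viewer)
  return [404, nil] if issue.nil?
  return [200, nil] if !issue[:confidential] || can_read?(issue, viewer)
  viewer.nil? ? [302, SIGN_IN_PATH] : [403, nil]
end

# Constructed sample project keyed by issue number; number 3 was deleted.
ISSUES = {
  1 => { confidential: false, members: [] },
  2 => { confidential: true,  members: ["alice"] },
  4 => { confidential: false, members: [] }
}.freeze

# Issue numbers whose response confirms "exists but is confidential".
def revealed_confidential(policy, viewer, iids)
  iids.select do |iid|
    status, = send(policy, ISSUES[iid], viewer)
    [302, 403].include?(status)
  end
end

# Issue numbers that look identical to a wrong URL or a deleted issue.
def ambiguous(policy, viewer, iids)
  iids.select { |iid| send(policy, ISSUES[iid], viewer).first == 404 }
end
```

With the current policy, numbers 2 and 3 both return 404 to an anonymous viewer; with the proposed policy only the deleted number 3 does, and number 2 is identified as an existing confidential issue.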