Skip to content

Respond 401 when unauthenticated user commits to project

What does this MR do and why?

It changes the Commits REST API to return a 401 unauthorized error instead of a 403 Forbidden response when an authenticated user performs a write operation like commit, cherry-pick, or revert.

Why: We need to distinguish between 401 and 403 errors in the Web IDE to provide a better user experience when the former happens. This distinction allows us to prompt the user to sign-in again in the Web IDE application.

Screenshots or screen recordings

N/A

How to set up and validate locally

  1. Submit a commit request as an unauthenticated user to a public project.
  2. You should receive 401 unauthorized response.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #389479 (closed)

Edited by Enrique Alcántara

Merge request reports

Loading