Respond 401 when unauthenticated user commits to project
requested to merge 389479-distinguish-between-authentication-and-authorization-errors-in-commit-api into master
What does this MR do and why?
It changes the Commits REST API to return a 401 unauthorized error instead of a 403 Forbidden response when an authenticated user performs a write operation like commit, cherry-pick, or revert.
Why: We need to distinguish between 401 and 403 errors in the Web IDE to provide a better user experience when the former happens. This distinction allows us to prompt the user to sign in again in the Web IDE application.
Screenshots or screen recordings
N/A
How to set up and validate locally
- Submit a commit request as an unauthenticated user to a public project.
- You should receive a 401 unauthorized response.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #389479 (closed)
Edited by Enrique Alcántara
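
The 401/403 split described in this MR, modelled as an added example (not code from the MR or from GitLab): authentication is checked before authorization, and the client treats only 401 as a cue to sign in again. All function names, the session map and the project object are assumptions made for illustration.

```javascript
// Constructed model for illustration; names and shapes are assumptions, not GitLab code.
const WRITE_ACTIONS = new Set(['commit', 'cherry_pick', 'revert']);

// Resolve a token to a user; a missing or expired session means "unauthenticated".
function authenticate(token, sessions, now) {
  const session = sessions.get(token);
  return session && session.expiresAt > now ? session.user : null;
}

// Server side: authentication is decided before authorization, so an anonymous
// caller gets 401 even on a public project, and 403 is reserved for a known
// user who lacks write permission.
function writeStatus(user, project, action) {
  if (!WRITE_ACTIONS.has(action)) return 400;
  if (user === null) return 401;
  if (!project.writers.includes(user)) return 403;
  return 201;
}

// Client side: only 401 is recoverable by signing in again.
function clientReaction(status) {
  if (status === 201) return 'done';
  if (status === 401) return 'prompt_sign_in';
  if (status === 403) return 'show_permission_error';
  return 'show_generic_error';
}

// Constructed sample data: two sessions and a public project only alice can write to.
const sessions = new Map([
  ['tok-alice', { user: 'alice', expiresAt: 2000 }],
  ['tok-bob', { user: 'bob', expiresAt: 2000 }],
]);
const project = { visibility: 'public', writers: ['alice'] };

// Run one request through the server check and the client's reaction to it.
function simulate(token, action, now) {
  const status = writeStatus(authenticate(token, sessions, now), project, action);
  return { status, reaction: clientReaction(status) };
}

console.log(simulate(undefined, 'commit', 1000));   // anonymous caller
console.log(simulate('tok-alice', 'commit', 3000)); // session expired
console.log(simulate('tok-bob', 'revert', 1000));   // signed in, no write access
console.log(simulate('tok-alice', 'commit', 1000)); // signed in, can write
```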