[FIX] Return proper HTTP status code when user is not allowed to see the tracker item (!1693) · Merge requests · Tiki Wiki CMS Groupware / Tiki

The source project of this merge request has been removed.

Fabio Montefuscolo requested to merge (removed):proper-http-code-403 into master Aug 13, 2022

Tiki is returning 200 when the page is forbidden to the user. This causes problems with cache systems and also bypass alarms in web application firewalls. Returning 403 for a forbidden content is expected as the basics of HTTP.

Let me know which other branches should have this change in case it is accepted.

Edited Aug 13, 2022 by Fabio Montefuscolo

[FIX] Return proper HTTP status code when user is not allowed to see the tracker item

Merge request reports