Fix a redirect-on-login issue by allowing logged-out users to view 404 pages

Authored by epriestley <git@epriestley.com> on Nov 21 2012, 23:43.

Description

Summary:
See T2102 and inline for discussion. This seems like the least-bad approach until we have something better.

The utility of next_uri seems much greater than the minor exposure of routable URIs.

Note that attackers cannot detect if routable URIs are valid (e.g., "/D999" will always hit the login page whether it exists or not), just that they're routable. So you can only really tell if apps are installed or not.

Test Plan: Hit /alsdknlkasnbla while logged out, got 404 instead of login.

Reviewers: vrana, codeblock, btrahan

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2102

Differential Revision: https://secure.phabricator.com/D4012

Details

Committed: epriestley <git@epriestley.com>, Nov 21 2012, 23:43
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPHb5c7896b10ae: Fix diffusion browse queries in git
Branches: Unknown
Tags: Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH66c648cc56be: Fix a redirect-on-login issue by allowing logged-out users to view 404 pages (authored by epriestley <git@epriestley.com>). Nov 21 2012, 23:43