Last modified: 2014-04-16 21:00:40 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T65924, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 63924 - If a report is not public, system should return 403 not 404
Status: RESOLVED WONTFIX
Product: Analytics
Classification: Unclassified
Component: Wikimetrics
Version: unspecified
Hardware: All All
Importance: Unprioritized normal
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Reported: 2014-04-14 23:46 UTC by Toby Negrin
Modified: 2014-04-16 21:00 UTC (History)

Description Toby Negrin 2014-04-14 23:46:19 UTC
When I make a report public, get the url, make it private, then access the URL, I get a 404 Not Found page with the following text:

Not Found

The requested URL /static/public/11092.json was not found on this server.

Apache/2.2.22 (Ubuntu) Server at metrics-staging.wmflabs.org Port 80

The status code should be a 403 (Access Denied), otherwise it is impossible for the user to tell what is going on.

Comment 1 Bingle 2014-04-14 23:50:22 UTC
Prioritization and scheduling of this bug is tracked on Mingle card https://wikimedia.mingle.thoughtworks.com/projects/analytics/cards/cards/1546

Comment 2 nuria 2014-04-15 08:37:11 UTC
Actually, I think a 403 will be more confusing. A 403 implies that you need some kind of credential that you do not have, but that is not the case; the resource just does not exist.

I think this points to a UX issue. The public link should not give you a 404 in any case. If the report exists, it should link to it. If it doesn't, clicking should likely display an overlay that says "report is not available yet, it is scheduled to be run at such and such date".

Comment 3 christian 2014-04-15 10:17:28 UTC
404 is fine by me, as a 403 would leak the information that the given id refers to an existing (private) report (!=file).

If the report is truly private, we should not leak information about its existence.

Comment 4 Toby Negrin 2014-04-16 21:00:40 UTC
Convinced -- closing.
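
The trade-off discussed in this thread, as an added example that is not part of the original bug report and not Wikimetrics code: two response policies for a report endpoint, plus a regression check that flags any non-public report id whose response differs from that of an id that does not exist. The report store, handler names and ids are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample data: report id -> is_public (not real Wikimetrics reports).
REPORTS = {101: True, 102: False}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


NOT_FOUND = Response(404, "Not Found")


def respond_403(report_id: int) -> Response:
    """Policy requested in the bug: a private report answers 403."""
    if report_id not in REPORTS:
        return NOT_FOUND
    if not REPORTS[report_id]:
        return Response(403, "Forbidden")
    return Response(200, f'{{"report": {report_id}}}')


def respond_404(report_id: int) -> Response:
    """Policy kept in the thread: private and missing look identical."""
    if REPORTS.get(report_id) is not True:
        return NOT_FOUND
    return Response(200, f'{{"report": {report_id}}}')


def leaked_private_ids(handler, candidate_ids) -> list[int]:
    """Return non-public ids whose response differs from the response
    for a known-missing id, i.e. ids whose existence is observable."""
    baseline = handler(-1)  # -1 is never a valid id in this sample store
    return [
        i for i in candidate_ids
        if not REPORTS.get(i, False) and handler(i) != baseline
    ]


if __name__ == "__main__":
    ids = range(100, 105)
    print("403 policy leaks:", leaked_private_ids(respond_403, ids))
    print("404 policy leaks:", leaked_private_ids(respond_404, ids))
```

A check like this compares the full response (status and body), so it also catches a 404 whose body or wording differs between the private and the missing case.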
