Homestyx hydra
Diffusion hydra 66c648cc56be

Fix a redirect-on-login issue by allowing logged-out users to view 404 pages
66c648cc56be
Actions

Description

Fix a redirect-on-login issue by allowing logged-out users to view 404 pages

Summary:
See T2102 and inline for discussion. This seems like the least-bad approach until we have something better.

The utility of next_uri seems much greater than the minor exposure of routable URIs.

Note that attackers can not detect if routable URIs are valid (e.g., "/D999" will always hit the login page whether it exists or not), just that they're routable. So you can only really tell if apps are installed or not.

Test Plan: Hit /alsdknlkasnbla while logged out, got 404 instead of login.

Reviewers: vrana, codeblock, btrahan

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2102

Differential Revision: https://secure.phabricator.com/D4012

Details

Provenance
epriestleyAuthored on Nov 21 2012, 5:43 PM
sirocylPushed on Oct 16 2024, 5:49 AM
Parents
R1:b5c7896b10ae: Fix diffusion browse queries in git
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (1)

PathSize
src/
applications/
base/
controller/

R1:66c648cc56be

View Options

src/applications/base/controller/Phabricator404Controller.php

Loading...
styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)