[Koha-bugs] [Bug 11612] 404 error page for Intranet may leak information
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Dec 6 06:44:10 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11612
David Cook <dcook at prosentient.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dcook at prosentient.com.au
--- Comment #2 from David Cook <dcook at prosentient.com.au> ---
Agreed with Isaac. Unauthenticated users shouldn't be able to see anything
other than 401 or the login screen.
Since we're using Plack::App::CGIBin, I think the only way to deal with this
might be to add a Middleware to check if the user is authenticated before
returning the 404.
Something to think about but certainly relevant.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list