mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 23:32:40 +01:00
phorge-phorge/src
epriestley 66c648cc56 Fix a redirect-on-login issue by allowing logged-out users to view 404 pages
Summary:
See T2102 and inline for discussion. This seems like the least-bad approach until we have something better.

The utility of next_uri seems much greater than the minor exposure of routable URIs.

Note that attackers can //not// detect if routable URIs are //valid// (e.g., "/D999" will always hit the login page whether it exists or not), just that they're routable. So you can only really tell if apps are installed or not.

Test Plan: Hit `/alsdknlkasnbla` while logged out, got 404 instead of login.

Reviewers: vrana, codeblock, btrahan

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2102

Differential Revision: https://secure.phabricator.com/D4012
2012-11-21 14:43:35 -08:00
aphront Delete license headers from files 2012-11-05 11:16:51 -08:00
applications Fix a redirect-on-login issue by allowing logged-out users to view 404 pages 2012-11-21 14:43:35 -08:00
docs Document that arc diff is able to commit 2012-11-21 11:05:09 -08:00
infrastructure Display correct size of binary files in Diffusion 2012-11-21 13:09:45 -08:00
rsrc Use sprites for (nearly) all application icons 2012-08-14 14:23:55 -07:00
view Improve PhabricatorPropertyListView and add section headers 2012-11-20 18:01:18 -08:00
__celerity_resource_map__.php Modify Celerity to emit required resources on Ajax responses 2012-11-21 08:37:01 -08:00
__phutil_library_init__.php Delete license headers from files 2012-11-05 11:16:51 -08:00
__phutil_library_map__.php Add a detail view for resources in Drydock 2012-11-20 13:25:22 -08:00