mirror of https://git.sr.ht/~sircmpwn/man.sr.ht
Do not disclose existence of private resources
When a user attempts to view a wiki that they do not have access to, the error code should not disclose that this resource does in fact exist.
This commit is contained in:
parent
8de82b919c
commit
62e8f477ac
|
@ -77,5 +77,5 @@ def check_access(owner_name, wiki_name, access):
|
|||
abort(404)
|
||||
a = get_access(wiki, owner)
|
||||
if not access in a:
|
||||
abort(403)
|
||||
abort(404)
|
||||
return owner, wiki
|
||||
|
|
Loading…
Reference in New Issue