Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18522

Hide Existence of Unauthorized Resources resulting 401 instead of 404

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: 6.7.3
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Severity:
      Medium
    • Requirement Status:

      UNCOVERED

      Description

      Here are the steps to reproduce the issue

      Make sure the repository doesn't have anonymous read permissions

      1. Enable ‘Allow Anonymous Access’ from ‘General Security Configuration

      2. Enable ‘Hide Existence of Unauthorized Resources’ from ‘General Security Configuration’

      ip-10-8-16-47:~ lakshmiprasad$ curl http://<Artifactory_URL>/artifactory/list/libs-release-local

       { "errors" : [

      {     "status" : 404,    "message" : "Resource not found" }

      ]

       

      However, when we add slash '/' at the end it is throwing 401 instead of 404

      ip-10-8-16-47:~ lakshmiprasad$ curl http://<Artifactory_url>/artifactory/list/libs-release-local/

      { "errors" : [

      {     "status" : 401,     "message" : "Unauthorized"}

      ]

       

        Attachments

          Forms

            Activity

                People

                Assignee:
                Unassigned
                Reporter:
                lakshmip Lakshmi Prasad
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:

                    PagerDuty