Project

General

Profile

Actions

Feature #14356

open

Accessing a file ressouorce URL should have HTTP 401 header if not logged in

Added by Stefan Schiffer almost 11 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

If I'm logged in to Redmine and have files attached to a ticket or document, I can copy the URL to this file.
If I drop this URL to my browser adress bar, I get an HTTP 200 header and can download the file immediately.

But if I drop this URL to any other program where I not have logged in yet, I receive also a HTTP 200 header.

It would be very nice to recieve a HTTP 401 header, if the request is redirected to the login screen due to no valud user session.

No data to display

Actions

Also available in: Atom PDF