https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292018-12-04T01:23:02ZRedmineRedmine - Feature #30086: Use HTTP status code 403 instead of 401 when REST API is disabledhttps://www.redmine.org/issues/30086?journal_id=887442018-12-04T01:23:02ZGo MAEDA
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/88744/diff?detail_id=71005">diff</a>)</li></ul> Redmine - Feature #30086: Use HTTP status code 403 instead of 401 when REST API is disabledhttps://www.redmine.org/issues/30086?journal_id=888812018-12-10T02:20:41ZYuichi HARADA
<ul><li><strong>File</strong> <a href="/attachments/21966">30086-http-status-code-403.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/21966/30086-http-status-code-403.patch">30086-http-status-code-403.patch</a> added</li></ul><p>Regardless of whether authentication is valid or not, if you disable the REST API feature it responds with HTTP status code 403(Forbidden).<br />I made a patch, and attach it.</p> Redmine - Feature #30086: Use HTTP status code 403 instead of 401 when REST API is disabledhttps://www.redmine.org/issues/30086?journal_id=888962018-12-10T20:28:05ZMarius BÄ‚LTEANU
<ul></ul><p>I'm in favour of this change.</p> Redmine - Feature #30086: Use HTTP status code 403 instead of 401 when REST API is disabledhttps://www.redmine.org/issues/30086?journal_id=890682018-12-18T00:15:54ZGo MAEDA
<ul><li><strong>Target version</strong> set to <i>4.1.0</i></li></ul><p>Setting the target version to 4.1.0.</p> Redmine - Feature #30086: Use HTTP status code 403 instead of 401 when REST API is disabledhttps://www.redmine.org/issues/30086?journal_id=894802019-01-18T00:56:19ZGo MAEDA
<ul></ul><p>Returning 403 in the situation is consistent. In incoming emails API, MailHandlerController returns 403 if "WS for incoming emails" is disabled. Please see <a class="source" href="https://www.redmine.org/projects/redmine/repository/svn/entry/tags/4.0.0/app/controllers/mail_handler_controller.rb#L41">source:tags/4.0.0/app/controllers/mail_handler_controller.rb#L41</a>.</p> Redmine - Feature #30086: Use HTTP status code 403 instead of 401 when REST API is disabledhttps://www.redmine.org/issues/30086?journal_id=904132019-02-25T12:34:48ZGo MAEDA
<ul><li><strong>File</strong> <a href="/attachments/22510">30086-http-status-code-403-v2.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/22510/30086-http-status-code-403-v2.patch">30086-http-status-code-403-v2.patch</a> added</li></ul><p>Removed an unnecessary test_with_valid_username_and_wrong_password_http_authentication from the patch.</p> Redmine - Feature #30086: Use HTTP status code 403 instead of 401 when REST API is disabledhttps://www.redmine.org/issues/30086?journal_id=911862019-04-10T02:51:47ZGo MAEDA
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Go MAEDA</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Committed the patch. Thank you.</p> Redmine - Feature #30086: Use HTTP status code 403 instead of 401 when REST API is disabledhttps://www.redmine.org/issues/30086?journal_id=995442020-10-25T07:02:00ZGo MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/32315">Defect #32315</a>: Impossible to validate API key without modifying anything</i> added</li></ul>