Opened 7 years ago
Last modified 7 years ago
#3118 new idea
Redirect or 404
Reported by: | johnjamesjacoby | Owned by: | |
---|---|---|---|
Milestone: | 2.7 | Priority: | normal |
Severity: | normal | Version: | |
Component: | General - UI/UX | Keywords: | 2nd-opinion |
Cc: |
Description
By default, bbPress will usually 404 when a logged-out user attempt to access a page that exists, but they cannot access. This is traditionally a security measure to avoid leaking any information to anonymous users about pages that may or may not exist.
If I had a private forum named "Company Secrets", a logged-out user could eventually identify that forum exists while others do not, just by randomly trying different URLs and identifying the redirect vs. the 404.
But, it's also not as good of a user experience to just always 404 without providing a convenient way to login & be smartly redirected to the URL that was originally requested.
What should we do? Should this be an option to redirect to wp_login_url()
instead of 404ing?
Related, possible duplicate #2485