Skip to:
Content

bbPress.org

Opened 7 years ago

Last modified 7 years ago

#3118 new idea

Redirect or 404

Reported by: johnjamesjacoby's profile johnjamesjacoby Owned by:
Milestone: 2.7 Priority: normal
Severity: normal Version:
Component: General - UI/UX Keywords: 2nd-opinion
Cc:

Description

By default, bbPress will usually 404 when a logged-out user attempt to access a page that exists, but they cannot access. This is traditionally a security measure to avoid leaking any information to anonymous users about pages that may or may not exist.

If I had a private forum named "Company Secrets", a logged-out user could eventually identify that forum exists while others do not, just by randomly trying different URLs and identifying the redirect vs. the 404.

But, it's also not as good of a user experience to just always 404 without providing a convenient way to login & be smartly redirected to the URL that was originally requested.

What should we do? Should this be an option to redirect to wp_login_url() instead of 404ing?

Change History (1)

#1 @netweb
7 years ago

Related, possible duplicate #2485

Note: See TracTickets for help on using tickets.