gitea: [Question] How redirect to login instead of 404 for private repo?

  • Gitea version: 1.11.5
  • Git version: 1.14.2
  • Operating system: linux-amd64
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [x ] Yes
    • No
    • Not relevant

Description

There is the possibility to redirect to login page or show a custom alert message instead of the 404 page in this two cases when i try to connect directly form a url of a private repo:

  • if I’m not logged in
  • my user not have permissions for that repo.

For example i create this repo on try.gitea

Screenshots

Schermata 2020-05-13 alle 12 23 41 Schermata 2020-05-13 alle 12 24 08

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 15 (12 by maintainers)

Most upvoted comments

Detecting wrong url or private repo would not be desirable becouse of security concerns. I would recommend just redirecting to login always

+2
lafriks on May 13, 2020

It’s a tradeoff between security (hiding a repo’s existance) and usability (not confusing users with wrong messages), I think it should be the user’s choice.

And imho all systems take such tradeoff in favor of security. Just look at github, gitlab or pretty much any other

+1
lafriks on May 16, 2020

@silverwind I don’t agree, every other platform does the same as we do currently. Github for example adds additional link below 404 description to Sign in page where you can click to login

+1
lafriks on May 14, 2020
Read more comments on GitHub
← gitea: Pushing to empty repository is not reflected in web UI
gitea: Queue unexpected type conversion →