Unauthenticated request to company's projects board shows 404 instead of login page #11172

New Issue

Closed

opened 2025-11-02 09:29:42 -06:00 by GiteaMirror · 4 comments

GiteaMirror commented 2025-11-02 09:29:42 -06:00

Owner

Copy Link

Originally created by @LukeOwlclaw on GitHub (Jul 6, 2023).

Description

For private instances of Gitea, ie. where https://GITEA/explore/repos redirects to the login page rather than allowing users to display any content anonymously, I expect all unauthenticated requests to be redirected to the login page.

This for example works fine for following URLs:

1. https://GITEA/MyCompany
2. https://GITEA/org/MyCompany/members
3. https://GITEA/org/MyCompany/teams

But when try to access the projects URL https://GITEA/MyCompany/-/projects I'll see a 404 error page.

I am aware that that page reads "The page you are trying to reach either does not exist or you are not authorized to view it." and that you could argue that it is correct, but given that the other URLs behave differently, this behaviour is inconsistent and should thus be considered a bug.

BTW, this problem cannot be reproduced via https://try.gitea.io/ since it allows anonymous access.

Gitea Version

1.19.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

downloaded version

Database

None

Originally created by @LukeOwlclaw on GitHub (Jul 6, 2023). ### Description For private instances of Gitea, ie. where https://GITEA/explore/repos redirects to the login page rather than allowing users to display any content anonymously, I expect all unauthenticated requests to be redirected to the login page. This for example works fine for following URLs:  1. https://GITEA/MyCompany 2. https://GITEA/org/MyCompany/members 3. https://GITEA/org/MyCompany/teams But when try to access the projects URL https://GITEA/MyCompany/-/projects I'll see a 404 error page. I am aware that that page reads "The page you are trying to reach either does not exist or you are not authorized to view it." and that you could argue that it is correct, but given that the other URLs behave differently, this behaviour is inconsistent and should thus be considered a bug. BTW, this problem cannot be reproduced via https://try.gitea.io/ since it allows anonymous access. ### Gitea Version 1.19.3 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? downloaded version ### Database None

GiteaMirror added the type/bug label 2025-11-02 09:29:42 -06:00

GiteaMirror closed this issue 2025-11-02 09:29:42 -06:00

GiteaMirror commented 2025-11-02 09:29:43 -06:00

Author

Owner

Copy Link

@dsseng commented on GitHub (Jul 6, 2023):

It might be an expected behavior to prevent probing for names present. If it redirected access to private repository, it'd be possible to determine if a private repository does exist or not.

@dsseng commented on GitHub (Jul 6, 2023): It might be an expected behavior to prevent probing for names present. If it redirected access to private repository, it'd be possible to determine if a private repository does exist or not.

GiteaMirror commented 2025-11-02 09:29:43 -06:00

Author

Owner

Copy Link

@LukeOwlclaw commented on GitHub (Jul 18, 2023):

@sh7dm No, I am not talking about customizable "names". For those (e.g. https://GITEA/MyCompany/DoesNotExist) any request first redirects to the login page, and after logging in to the 404 page. I am talking here only about URL https://gitea/MyCompany/-/projects which behaves differently. And this is the only URL I found which behaves like that.

@LukeOwlclaw commented on GitHub (Jul 18, 2023): @sh7dm No, I am not talking about customizable "names". For those (e.g. https://GITEA/MyCompany/DoesNotExist) any request first redirects to the login page, and after logging in to the 404 page. I am talking here only about URL https://gitea/MyCompany/-/projects which behaves differently. And this is the only URL I found which behaves like that.

GiteaMirror commented 2025-11-02 09:29:44 -06:00

Author

Owner

Copy Link

@lafriks commented on GitHub (Jul 20, 2023):

Yes this looks like a bug, for private instances all pages should redirect to login

@lafriks commented on GitHub (Jul 20, 2023): Yes this looks like a bug, for private instances all pages should redirect to login

GiteaMirror commented 2025-11-02 09:29:44 -06:00

Author

Owner

Copy Link

@LukeOwlclaw commented on GitHub (Jul 27, 2023):

Fixed with version 1.20.0

@LukeOwlclaw commented on GitHub (Jul 27, 2023): Fixed with version 1.20.0

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label type/bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#11172