mirror of
https://github.com/go-gitea/gitea.git
synced 2026-03-17 13:42:23 -05:00
[Question] How redirect to login instead of 404 for private repo? #5392
Closed
opened 2025-11-02 06:23:21 -06:00 by GiteaMirror
·
15 comments
Originally created by @badstorm on GitHub (May 13, 2020).
Description
There is the possibility to redirect to login page or show a custom alert message instead of the 404 page in these two cases when I try to connect directly from a URL of a private repo:
For example I create this repo on try.gitea
Screenshots
@zeripath commented on GitHub (May 13, 2020):
Create a custom `status/404.tmpl` template. You should be able to detect `{{.IsSigned}}` and you could put a form in to login.
If you come up with something that looks good and is understandable then please feel free to push it back as a PR.
@badstorm commented on GitHub (May 13, 2020):
Thanks for your suggestion. I'll try to work on it.
Is there a way to detect from the 404 template if the error was generated by a wrong URL or for a private repo?
@lafriks commented on GitHub (May 13, 2020):
Detecting wrong URL or private repo would not be desirable because of security concerns. I would recommend just redirecting to login always.
@silverwind commented on GitHub (May 14, 2020):
How about a config option to emit the correct status codes 401 (when not signed in) or 403 (when no permissions), something like `MASK_STATUS_CODES=false`? I'd even lean to defaulting it to on and security-concerned people can still turn it off and have their (technically incorrect and confusing) 404.
@lafriks commented on GitHub (May 14, 2020):
@silverwind I don't agree, every other platform does the same as we do currently. GitHub for example adds an additional link below 404 description to Sign in page where you can click to login.
@silverwind commented on GitHub (May 14, 2020):
It's a tradeoff between security (hiding a repo's existence) and usability (not confusing users with wrong messages), I think it should be the user's choice.
@guillep2k commented on GitHub (May 15, 2020):
@silverwind I agree (but that's potentially a lot of work!). The problem here is that Gitea has "two faces": one is a public service where people from all over the world could get in and collaborate; the other is a corporate service where users are strictly listed and probably doesn't even face the Internet. This duality creates a lot of conundrums where the solution for one is bad news for the other.
Gitea 2.0 should be refactored so settings are more manageable, and this kind of decision tree is easier to maintain.
@silverwind commented on GitHub (May 15, 2020):
@guillep2k What I don't quite get is why would you want to respond differently whether an instance is private or public? Let's say we return proper 401, 403, 404 status codes, in which case would you want to return different ones for public/private?
@lafriks commented on GitHub (May 16, 2020):
And IMHO all systems take such a tradeoff in favor of security. Just look at GitHub, GitLab or pretty much any other.
@guillep2k commented on GitHub (May 16, 2020):
IMHO it's because when it's a public service (facing Internet), some people may have privacy concerns ("I don't want anybody to know that I'm working on a particular fork, or even that I am registered in that site"), but in a corporate environment the company can dictate the policies and might care more about confusing new users than about hiding the existence of a particular resource. I work in a small company and I'm unsure whether I should maintain separate teams, because everybody knows about everybody else and anybody might be assigned to any project; secrecy would be overly bureaucratic.
@silverwind commented on GitHub (May 19, 2020):
I guess a per-repo setting to mask existence might be perfect. That way, you can still properly hide your top-secret repos while returning proper status codes for less important/public ones.
@guillep2k commented on GitHub (May 20, 2020):
@silverwind That exists already. Repository: `public`, `private`. But there's a lot of gray-area cases, like public repo but private organization, or public repo but only for logged in users, etc. 😵
@silverwind commented on GitHub (May 20, 2020):
I guess one could introduce a `semi-private` option 🤣
@stale[bot] commented on GitHub (Jul 19, 2020):
This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.
@stale[bot] commented on GitHub (Aug 2, 2020):
This issue has been automatically closed because of inactivity. You can re-open it if needed.
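The trade-off debated in this thread, as an added Go example that is not Gitea's code or any commenter's: a handler that either masks a private repo as a plain 404 (with a sign-in link driven only by `.IsSigned`) or answers 401/403. The repo table, the `X-Demo-User` header standing in for a session, the `mask` switch and the `/user/login` link are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
)

// Constructed repo table (true = private); not Gitea's data model.
var repos = map[string]bool{"/alice/public": false, "/alice/secret": true}
// Body varies only with session state; the /user/login path is an assumption.
var notFound = template.Must(template.New("404").Parse(
	`<h1>404 Not Found</h1>{{if not .IsSigned}}<a href="/user/login">Sign in</a>{{end}}`))

// handler: mask=true makes an unreadable private repo look like a missing one.
func handler(mask bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		signed := r.Header.Get("X-Demo-User") != "" // stand-in for a session
		private, exists := repos[r.URL.Path]
		switch {
		case exists && !private:
			fmt.Fprint(w, "repo page")
		case exists && !mask && !signed:
			http.Error(w, "login required", http.StatusUnauthorized)
		case exists && !mask: // signed in, but no demo user may read private repos
			http.Error(w, "forbidden", http.StatusForbidden)
		default:
			w.WriteHeader(http.StatusNotFound)
			_ = notFound.Execute(w, map[string]bool{"IsSigned": signed})
		}
	}
}

// probe returns the status and body a client sees; user "" means anonymous.
func probe(mask bool, user, path string) (int, string) {
	req := httptest.NewRequest("GET", path, nil)
	req.Header.Set("X-Demo-User", user)
	rec := httptest.NewRecorder()
	handler(mask)(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	for _, p := range []string{"/alice/secret", "/alice/nope"} {
		code, body := probe(true, "", p)
		fmt.Println(p, code, body)
	}
}
```

With masking on, the private and the nonexistent path return identical status and body, so the sign-in link helps a legitimate user without confirming that the repo exists.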