Issue A 500 internal error is generated when a user requests a url that they are not authorized to access. Steps to reproduce: 1. As an anonymous user browse to the following URL: https://developer-stage9.mozilla.org/en-US/demos/detail/test-demo/comment/23/delete/ 2. Compare this vs the following URL that is properly handled https://developer-stage9.mozilla.org/en-US/demos/detail/test-demo/comment/23/foo/ 3. The original /delete url is a valid url and would work if the user is authorized to modify that comment. Recommended Remediation Identify the error handling and update it to gracefully handle an unauthorized request to a valid URL.
This should fix the internal server error: https://github.com/fwenzel/mdn/commit/6e12fe8f247386f9f2bb727795b96d5edc0f771e There's a remaining problem that there's no templated 403 page for the site, so it just ends up with a generic "Access denied" message. I'll file a separate bug for that. (bug 635129)
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Component: Demos → Demo Studio / Dev Derby
Product: Mozilla Developer Network → Mozilla Developer Network
You need to log in before you can comment on or make changes to this bug.