laravel / horizon

Dashboard and code-driven configuration for Laravel queues.
https://laravel.com/docs/horizon
MIT License

[5.x] Throws `Laravel\Horizon\Exceptions\ForbiddenException` on unauthorized access #1308

Closed joelbutcher closed 1 year ago

joelbutcher commented 1 year ago

It is common in applications that restrict access to another user's resource to return a 404 to indicate that the resource does not exist. I would like to give developers the option to apply this functionality to Horizon to hide its presence within an application from unauthenticated users.

This PR allows developers to define what status code should be returned when Horizon's authentication fails, via a new `horizon.unauthorized_status` config option (happy for this to be renamed, if anyone has any other suggestions).

I've restricted the accepted status codes to 403 and 404, falling back to 403 if this is not the case.

crynobone commented 1 year ago

Instead of a configurable option, I feel it might be better to throw a custom exception, and then you can customise how it renders via your application's Exception Handler.

joelbutcher commented 1 year ago

@crynobone a custom exception would work

taylorotwell commented 1 year ago

I think now we would throw a 500 error?
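The custom-exception approach discussed in this thread, as an added example that is not code from the PR or from Horizon itself: an application exception handler that renders `Laravel\Horizon\Exceptions\ForbiddenException` as the application's ordinary 404. It assumes a Laravel 10-style `App\Exceptions\Handler` class; the log message and context fields are chosen for this example.

```php
<?php

namespace App\Exceptions;

use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Http\Request;
use Laravel\Horizon\Exceptions\ForbiddenException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class Handler extends ExceptionHandler
{
    public function register(): void
    {
        // Render Horizon's authorization failure exactly like an unknown
        // route, so the response does not reveal that Horizon is installed.
        $this->renderable(function (ForbiddenException $e, Request $request) {
            // Keep a server-side audit trail; the client only sees a 404.
            // (Message and context keys are assumptions for this example.)
            logger()->notice('Horizon access denied', [
                'ip' => $request->ip(),
                'path' => $request->path(),
                'user_id' => $request->user()?->getAuthIdentifier(),
            ]);

            // Re-enter the handler with a NotFoundHttpException so HTML and
            // JSON clients receive the application's own 404 page or
            // payload, not a hand-built response that could be told apart
            // from the 404 returned for routes that do not exist.
            return $this->render($request, new NotFoundHttpException());
        });
    }
}
```

Compare the headers and body of this response with the one returned for a path that has no route; any difference between the two defeats the purpose of returning a 404.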