Open shuhaowu opened 11 years ago
If there's a project and someone tries to request to it without the permission. We currently return a 403. This is a security problem as it leaks the existence of the project/comment/post/whatever.
Should return a 404 instead.
Additionally, there are things that returns {status: "okay"} with a 200 where it should return 201.
{status: "okay"}
If there's a project and someone tries to request to it without the permission. We currently return a 403. This is a security problem as it leaks the existence of the project/comment/post/whatever.
Should return a 404 instead.