Accessing private resources without permissions should return a 404 (BB-4255)

Issue #9988 closed
Dimitar Nedev
created an issue

Trying to access private resources (repo, team, etc.) without permission, the response should be a 404 (Not Found), instead of a 403 (Forbidden). The reasoning behind this suggestions is to preserve the privacy of the resources, since a 403 will confirm their existence, unlike a 404.

Comments (4)

  1. Log in to comment