Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
It's actually common practice to 404 guarded routes that should otherwise return 401.
It's an obfuscation mechanism that helps deter some DoS attacks.
If you return 401 you basically are saying "yes, there is a route here, DDoS the shit out of my auth mechanism".
404 implies nothing of the sort, so bots can't tell. -
b2plane63891y@CoreFusionX oh. I didnt know that. I was thinking to redirect to 401 page if an unauthorized entity wants to access a page
-
@b2plane
You can check, for example, on GitHub.
If you try to access a repo you are not authorized to, it will return a 404 instead of 401 (which would be the canonical response). -
b2plane63891y@c3r38r170 Yes that's what i always do. I cant leave my office until the work is fucking done. Im glued like a magnet
FUCK FUCK FUCK FUCK FUUUCJKKK OOOOFFFFFFFFFFFFFFFF (wasted hours why im being redirected to 404 when trying to access a route thats being guarded (u need to login first to access it) only to find out i changed /login into /auth/login and forgot to update this bs into the guard so the guard was redirecting to /login which indeed doesnt exist and is a 404 instead of redirecting to /auth/login)
This is such a fucking dumb bug I have to take a fucking break im going outside for a jog and then intense home workout to unfuck my mind
rant