Feature #14356
Accessing a file ressouorce URL should have HTTP 401 header if not logged in
| Status: | New | Start date: | ||
|---|---|---|---|---|
| Priority: | Low | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | Accounts / authentication | |||
| Target version: | - | |||
| Resolution: |
Description
If I'm logged in to Redmine and have files attached to a ticket or document, I can copy the URL to this file.
If I drop this URL to my browser adress bar, I get an HTTP 200 header and can download the file immediately.
But if I drop this URL to any other program where I not have logged in yet, I receive also a HTTP 200 header.
It would be very nice to recieve a HTTP 401 header, if the request is redirected to the login screen due to no valud user session.