Hi there,
On 08/09/2012 02:33 PM, Tim Pizey wrote:
I have done a little googleing around the practice of returning 404
rather than 403
for unauthorised access.
Most people seem to think it is bad practice.
I imagine the motivation is to prevent automatic url guessing.
It would be preferable, for me, if a redirect (307 Temporary Redirect)
to the Jenkins top level url was issued,
instead of both genuinely non-existant and unauthorised urls, as I
find myself url editting quite a lot at the moment.
Check out this previous thread on the topic:
https://groups.google.com/d/msg/jenkinsci-users/97hZ7JBNWpc/ohBBu3ur4LcJ
Regards,
Chris
