undefined | Better HN

0 pointsIanCal11y ago0 comments

> that image not found error is given as an auth error message!

404s are pretty common for that. Github, for example, returns "not found" pages for repos you can't access.

Edit - however the login process is quite awkward, though set for improvement.

0 comments

3 comments · 1 top-level

NeutronBoy11y ago· 2 in thread

If only there were a separate error code to specifically indicate an authentication problem that could be returned...

yrro11y ago

Github don't use the error code because to do so would leak information about the names of private repositories.

derefr11y ago

It would be more correct, then, to signal an authentication error for all nonexistent-and-or-private repos. After all, you aren't authorized to know whether a repo exists by that name or not... whether or not one actually does. (This would also imply that organization owners (and Github CSRs and ops staff) would simply bypass that check, falling through to a check only for existence, where it would be appropriate to return 404.

A similar reasoning is behind why you get a 403, not a 404, when you try to get the index of an empty S3 bucket. Sure, it doesn't exist—but you're also not allowed to know that.

1 more reply

j / k navigate · click thread line to collapse