Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

9.0 Security polish AccessDenied exception behaviour #5372

Open
mhsdesign opened this issue Nov 18, 2024 · 0 comments
Open

9.0 Security polish AccessDenied exception behaviour #5372

mhsdesign opened this issue Nov 18, 2024 · 0 comments

Comments

@mhsdesign
Copy link
Member

christian and me discussed that the cr AccessDenied exception must be caught in controllers and wrapped into a flow AccessDeniedException to initiate a redirect or set the correct flow status to 403

Also sometimes we have some special condition to let AccessDeniedException always bubble up for example in the fusion runtime, so its not rendered as error.

And the frontend usecase has to be checked if live is not viewable to anyone.

Originally posted by @mhsdesign in #5298 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mhsdesign