Bug #17597

[keep-web] Improve error response when AnonymousUserToken not configured and no token provided by client

Added by Tom Clegg 5 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Keep
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Story points:
-

Description

Currently, if an incoming request does not provide a token, keep-web sends the configured AnonymousUserToken, even if it's blank -- "Authorization: OAuth2 ". This will never work, so in such cases it should skip the API request and return a more helpful error like "anonymous requests are not enabled" with 404 or 401.

Also available in: Atom PDF