Project

General

Profile

Bug #16774

Updated by Peter Amstutz over 3 years ago

I tried to download a file from keep-web with an invalid token.    In the browser, without using developer tools, there is no feedback to the user why it didn't work. 

 # There is no error page.    For any 4xx or 5xx error it should return a minimal error page 
 # Despite the error is actually that the token is invalid, it returns 404 instead of 401 
 # A 404 can mean either that an item doesn't exist, or that the user doesn't have permission to see it.    The error text should reflect that. 

 Sort of related, I also realized that if keep-web sets a cookie with the API token, there's no way for the user to clear that cookie without going into browser settings.

Back