Unauthorized access sends a 200 response with a 403 error in it

Question

Unauthorized access sends a 200 response with a 403 error in it

florentdestremau opened this issue 7 years ago · comments

Hi,
I just discovered this bundle yesterday but I noticed that whenever I use a voter to remove access to a particular response, the overall response of my request is a 200, and the body contains a

{
    "errors": [
        {
            "message": "Access Denied.",
            "code": 403
        }
    ]
}

This is very not cool to catch 😄. Is there any way to make the controller return a 403 response so that it can be properly catched ?

Thanks !

Antoine Lemaire · Answer 1 · Sat Jul 07 2018 00:17:07 GMT+0800 (China Standard Time)

I have the same issue, did you found what's wrong?

Do you also are on SF4?

Florent Destremau · Answer 2 · Sat Jul 07 2018 00:33:40 GMT+0800 (China Standard Time)

Symfony 3.4

This issue is invalid as your separate queries should not have a global error code if only of them is unauthorized. So this pretty much looks like a fundamental design this.