Lack of interest Improve HTTP status codes

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.

S Thomas

Well-known member
As discussed here, XF should use different status codes when something is view restricted, especially on the board url / homepage because these are landing pages.
Reason for this is that landing pages are public and meant to ask for credentials.
What a 403 does on these pages is it limits spiders and external third party applications because a 403 signals "nothing to do here, closed". That's not true, because the landing pages are open, after all, you can log in on those pages without any restriction from XF. That's what they are designed for. See facebook.com, twitter.com, etc. Or your admin control panel login.

Current behaviour: View restrictions always throws a 403.

Proposed behaviour:
  • Guest (includes spiders)
    1. On landing page(s): 200 + login page
    2. Landing on any other route & first visit: 30x + redirect to login page
    3. Landing on any other route & not first visit: same as 2. or 403 + login page
  • Visitor (logged in user)
    • No changes.
Note: Hiding content behind status codes will still work because the status code does not reveal if content actually exists. This behaviour won't change with new status codes.
 
Upvote 2
This suggestion has been closed. Votes are no longer accepted.
Top Bottom