Hidden pages sent 403 Header
When trying to access a hidden page a 403 Header is sent. This has been introduced in #23178
As a hidden page from the frontend view does not exist, it must sent a 404 header and not a 403 which means it is not accessible due to missing authentication
#2 Updated by Markus Klein about 1 year ago
"Funny". Reading my patch 10 month later, I realize the wording of "accessible" does not reflect the actual "forbidden" state, but also all the other enable fields.
That's very unfortunate.
On the other hand: The page does exist, you just don't have access if it is hidden or expired. So semantically that's not really wrong. Do you see any SEO consequences?
#5 Updated by Sascha Egerer about 1 year ago
Markus Klein wrote:
Okay, so we need to revert #23178. Unfortunate, but necessary.
Are you sure? I think we do still need some parts of it. The code must just not be 403 for disabled pages but still for non accessible pages (due to frontend group restriction)
#9 Updated by Urs Braem about 1 year ago
Maybe related (?): for some custom extbase records, when not existing, I get a 303 immediately followed a redirect to the central 404 page (which then throws the correct 404)