Why does detailed 404 security setting not explain why I can't access subcategory?

Nikki_Locke · April 27, 2020, 9:56am

We have used Discourse groups extensively so that people have to join a group to see most subcategories.

People are now complaining that, if someone sends them a link to something which is in a group they are not a member of, they get a mystifying 404 page that tells them nothing.

I would like the page to tell them which group the subcategory is in (with a link to the group, if it is public or invite only).

I stumbled on the “detailed 404” setting under Security, and turned it on. Now things are even worse! The page you get to looks the same, but the url at the top is no longer the url the user pasted in, but /404. There is no information visible on the page to tell you why it is private.

The page source is quite different, however, and there is a header:

    <meta name="description" content="This forum is owned by Wigan Local Group. It is a public discussion forum for the work of the group. Enquire here to contact us or join any of our private forums.">

(This is the forum description post).

Is there some other setting somewhere that I need to change to make this work as designed?

codinghorror · April 28, 2020, 4:51am

Can you provide specific URLs as examples? I am having trouble understanding what you’ve written here.

Nikki_Locke · April 29, 2020, 8:12pm

Difficult, as out server is not open to the public. If you would like to PM me your email address, I can invite you to it.

codinghorror · April 29, 2020, 9:40pm

Can you provide representative URLs with the relevant bits (domain, etc) changed to other nonsense words?

justin · April 29, 2020, 11:06pm

I think what you’re describing is normal behavior for the site.

Instead of the 404 page showing on categories that a user does not have access to, you want a page that shows them what the category is and to be able to join the group to access it?

There’s no way to configure this in Discourse, but you could get someone to write a plugin for this in marketplace. This isn’t a trivial effort, though, so you will need to have a reasonable budget for this.

Stephen · April 30, 2020, 6:34am

The alternative is to acknowledge that a post or category exists, potentially leaking information.

Nikki_Locke · April 30, 2020, 7:25am

Thanks. If that is the case, what is the detailed 404 setting for, then?

Topic		Replies	Views
Detailled 404 for category page Feature	8	1046	June 28, 2021
Detailed 404 not working anymore Bug	4	306	March 31, 2024
Redirect to protected category after login Support	12	1280	October 16, 2019
Asking for access to a private category Feature	21	2598	October 24, 2024
Custom 404 page - existing plugins? Support	21	2188	June 3, 2020

Why does detailed 404 security setting not explain why I can't access subcategory?

Related Topics