-
I was using the following webhook API to run GitHub Actions
This API returns |
Replies: 3 comments
-
I think this behavior is somewhat consistent, e.g. there is a private repository https://github.com/github/rest-api-operations but GitHub gives you a 404 if you’re not an authorized member. Could be considered security by obscurity I suppose?
-
In most cases, when a user tries to visit a page on GitHub that he does not have access to, he will get the “404 Not Found”.
-
Thanks for your replies. Taking that into consideration, IMO, a message like “no resources found under your scope” is more balanced in terms of developer-friendliness and security. Anyway, your comments are really helpful for understanding where the 404 comes from (and that it is consistent behavior across GitHub services).
@kenchon,
In most cases, when a user tries to visit a page on GitHub that he does not have access to, he will get the “404 Not Found”.
I think we can explain this with the two points below:
1. GitHub searches the pages within the accessible scopes of the user’s token (or the user). If the requested page is not found within the accessible scopes, the “404 Not Found” is returned.
2. If the requested page is not found within the accessible scopes of the user, it is completely unnecessary to tell the user that the requested page really exists. As @Simran-B mentioned, it may be a security policy to use an obscure message.
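The two points above, as an added example that is not part of the original thread and is not GitHub's code: a lookup that checks existence before authorization lets an unauthorized caller tell private resources from missing ones, while a lookup that searches only within the caller's accessible scope answers both cases identically. The repository names, users and handler functions are constructed for illustration.

```python
# Constructed sample data: repository name -> users allowed to read it.
# None means the repository is public.
REPOS = {
    "octo-org/public-site": None,
    "octo-org/internal-tools": {"alice"},
}

NOT_FOUND = (404, {"message": "Not Found"})


def leaky_get_repo(user, name):
    """Existence first, authorization second.

    An unauthorized caller sees 403 for a private repository and 404 for a
    missing one, so the status code confirms which private names exist.
    """
    if name not in REPOS:
        return NOT_FOUND
    readers = REPOS[name]
    if readers is not None and user not in readers:
        return (403, {"message": "Forbidden"})
    return (200, {"full_name": name})


def scoped_get_repo(user, name):
    """Search only within what the caller can read.

    Anything outside that scope gets the same response as a name that
    does not exist at all.
    """
    visible = {
        repo for repo, readers in REPOS.items()
        if readers is None or user in readers
    }
    if name not in visible:
        return NOT_FOUND
    return (200, {"full_name": name})


def distinguishable(handler, user, private_name, missing_name):
    """True if `user` can tell an inaccessible repo from a nonexistent one."""
    return handler(user, private_name) != handler(user, missing_name)
```

For a caller whose token lacks the needed scope, the scoped handler's 404 is the same response a mistyped repository name would get, which is why a 404 from an API like the one in the question can mean either.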