How to distinguish among errors due to anoymous access?
yxiang92128 opened this issue · 1 comments
yxiang92128 commented
We have observed that the SDK returns the same http code as 404 and the same error message as “The specified resource does not exist.” to the following three cases:
- List against a non-existing container with empty anonymous credential because that container is not there.
- List against a private container with empty anonymous credential because container is not enabled for anonymous access.
- List against an anonymous-blob-only container with empty anonymous credential because container level access is prohibited for anonymous user.
I wonder if at least for case 2 and 3, it should return HTTP code 403 instead?
Thanks,
Yang
Jinming-Hu commented
Both Case 2 and 3 are by design. So that malicious users cannot detect if a container exists.