  1. Moodle
  2. MDL-67198

404 errors for missing parameters should be 307

    • Bug
    • Resolution: Deferred
    • Minor
    • None
    • 3.6.7, 3.7.1, 3.7.2, 3.11.6, 4.0
    • Libraries
    • MOODLE_311_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_400_STABLE
    • MDL-67198-error-307

      1. Log in.
      2. Go to any course.
      3. Change the URL from /course/view.php?id=<real_id> to /course/view.php?id=0 (assuming no one has ever had a course with ID == 0)
      4. Check the normal error page (unspecifycourseid) is shown, but the response header is HTTP/1.1 307 Temporary Redirect instead of HTTP/1.1 404 Not Found


      I am running Moodle 3.7.2 on a shared webserver. My logfiles showed several scripts generating 404 (and other) errors in what seemed to be a somewhat arbitrary pattern. A few examples:

      • /mod/assign/index.php
      • /mod/assign/view.php
      • /mod/lesson/edit.php
      • /mod/lesson/continue.php
      • /mod/lesson/view.php
      • /mod/lesson/essay.php
      • /mod/lesson/lesson.php
      • /mod/lesson/report.php

      After giving it a closer look, I found out that this happens for example if the id parameter is missing. However, this should not happen if people are following a lesson normally. Some users had the problem right after logging in. There is at least one case where the HTTP referrer was mod/lesson/view.php?id=XXX&pageid=XXX, meaning that the id and pageid were there before. In other cases, it is caused by a missing sesskey parameter.

      In my opinion, the 404 Status Code is wrong in that case, because the requested resource is actually found. I suggest setting the response to 307 (Temporary Redirect), because we are only redirecting to an error page for the missing parameters. On the next correct request, the resource will be shipped out normally.

      We should bear in mind that 404 errors might trigger IP bans on shared hosting plans.

      As a workaround, I modified lib/outputrenderers.php on line 2788.
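
An added example (not part of the report and not Moodle code) relating to the IP-ban concern above: it separates 404s that the application returns for known scripts requested with a missing or zero `id` from 404s for paths that do not exist, so that a ban rule can count only the latter. The Combined Log Format, the `id` requirement for each listed script, and all function names and sample lines are assumptions; the missing `sesskey` case is not covered.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Scripts named in the report; that each one requires `id` is an assumption.
KNOWN_SCRIPTS = {
    "/course/view.php", "/mod/assign/index.php", "/mod/assign/view.php",
    "/mod/lesson/edit.php", "/mod/lesson/continue.php", "/mod/lesson/view.php",
    "/mod/lesson/essay.php", "/mod/lesson/lesson.php", "/mod/lesson/report.php",
}
# Combined Log Format is assumed: ip - user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (ip, kind) for a 404 log line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m or m.group(4) != "404":
        return None
    ip, method, target = m.group(1, 2, 3)
    parts = urlsplit(target)
    if parts.path not in KNOWN_SCRIPTS:
        return ip, "path_not_found"      # nothing exists at this path
    # Script exists, so the 404 came from the application. Only GET is judged:
    # POST parameters are not visible in an access log.
    if method == "GET" and parse_qs(parts.query).get("id", ["0"])[0] == "0":
        return ip, "app_bad_id"          # id missing, empty or 0
    return ip, "app_other"

def summarize(lines):
    """Count 404 kinds per client IP."""
    counts = defaultdict(Counter)
    for ip, kind in filter(None, map(classify, lines)):
        counts[ip][kind] += 1
    return counts

def ban_candidates(counts, threshold=3):
    """IPs whose 404s on nonexistent paths alone reach the threshold."""
    return sorted(ip for ip, c in counts.items() if c["path_not_found"] >= threshold)

# Constructed sample lines (documentation address ranges), not from the report.
_FMT = '{} - - [01/Jan/2020:10:00:00 +0000] "{} {} HTTP/1.1" {} 512 "-" "-"'
SAMPLE = [_FMT.format(*row) for row in [
    ("198.51.100.7", "GET", "/mod/lesson/view.php", 404),
    ("198.51.100.7", "GET", "/course/view.php?id=0", 404),
    ("198.51.100.7", "GET", "/mod/lesson/view.php?id=42&pageid=7", 200),
    ("198.51.100.7", "POST", "/mod/lesson/continue.php", 404),
    ("203.0.113.9", "GET", "/old/index.bak", 404),
    ("203.0.113.9", "GET", "/test1.php", 404),
    ("203.0.113.9", "GET", "/foo/setup.php", 404),
]]
```

Calling `ban_candidates(summarize(SAMPLE))` flags only the client whose 404s were for nonexistent paths; the logged-in user who hit the parameter errors stays below the threshold.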

            Unassigned
            Philipp Imhof (philippimhof)
            Ferran Recio
            Ilya Tregubov
            Gladys Basiana