Reputation: 86
I am able to bypass a 403 page using the OPTIONS request method, getting a 200 OK response. The page is an assets/css folder. Is this a bug that I can report to the website or not? Please help.
Upvotes: 0
Views: 36
Reputation: 764
It depends what you mean by "bypass", and whether you are able to unexpectedly extract any sensitive information (that should have been protected by authorization) via the OPTIONS request.
In general, it is normal to render a 2XX response to a preflight (OPTIONS) request if the page in question is marked as allowed for cross-origin access. See also answers in: Response for preflight 403 forbidden.
The principal difference here is that if you get an error response for OPTIONS, a cross-origin request from the browser wouldn't even be able to find out that 403; it wouldn't even be performed if the preflight failed.
TL;DR most probably not a bug, working as intended.
Upvotes: 1
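The distinction the answer draws, whether the OPTIONS reply actually discloses anything the 403 was protecting, can be checked mechanically. The following is an added example, not part of the original thread; the `Response` type, `triage_options` function and all sample responses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Response:
    """Minimal record of one HTTP response (hypothetical type for this example)."""
    method: str
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""

# Headers that describe what the resource permits, not what it contains.
CAPABILITY_HEADERS = {"allow", "access-control-allow-origin",
                      "access-control-allow-methods", "access-control-allow-headers"}

def triage_options(get_resp: Response, options_resp: Response):
    """Classify an OPTIONS reply for a path whose GET is denied.

    Returns (verdict, reasons); verdict is 'expected' or 'review'.
    """
    if get_resp.status not in (401, 403):
        return "expected", ["GET is not denied, so there is nothing to compare"]
    if not 200 <= options_resp.status < 300:
        return "expected", ["OPTIONS is refused as well"]
    # A preflight/OPTIONS answer normally has no body; content here is the
    # only thing that could amount to an authorization bypass.
    if options_resp.body.strip():
        return "review", [f"OPTIONS returned a {len(options_resp.body)}-byte body "
                          "although GET is denied"]
    names = {k.lower() for k in options_resp.headers}
    described = sorted(names & CAPABILITY_HEADERS)
    return "expected", ["2xx with empty body; only capability headers: "
                        + (", ".join(described) or "none")]

# Constructed sample responses for an assets/css path (not captured from a real site).
GET_DENIED = Response("GET", 403, {"Content-Type": "text/html"}, b"<h1>Forbidden</h1>")
PREFLIGHT_OK = Response("OPTIONS", 200, {"Allow": "GET, HEAD, OPTIONS",
                                         "Access-Control-Allow-Origin": "*"})
BODY_ON_OPTIONS = Response("OPTIONS", 200, {"Content-Type": "text/html"},
                           b"<a href='admin.css'>admin.css</a>")

if __name__ == "__main__":
    for resp in (PREFLIGHT_OK, BODY_ON_OPTIONS):
        print(triage_options(GET_DENIED, resp))
```

Only the second constructed case, where a body comes back on OPTIONS, is worth writing up; a bare 200 with `Allow` or CORS headers is the normal behaviour the answer describes.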