fix: handle expired secrets just like non existing secrets

To avoid leaking information the user should not know why she can't read a secret because it's expired or has no more remaining reads, so return 404.
Ajnasz · Apr 15, 2024 · ac902d0 · ac902d0
1 parent 66eca62
commit ac902d0
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/internal/views/entryread.go b/internal/views/entryread.go
@@ -51,7 +51,7 @@ func (e EntryReadView) Render(w http.ResponseWriter, r *http.Request, response E
 
 func (e EntryReadView) RenderError(w http.ResponseWriter, r *http.Request, err error) {
 	if errors.Is(err, services.ErrEntryExpired) {
-		http.Error(w, "Gone", http.StatusGone)
+		http.Error(w, "Gone", http.StatusNotFound)
 		return
 	}
 
@@ -61,7 +61,7 @@ func (e EntryReadView) RenderError(w http.ResponseWriter, r *http.Request, err e
 	}
 
 	if errors.Is(err, services.ErrEntryNoRemainingReads) {
-		http.Error(w, "Gone", http.StatusGone)
+		http.Error(w, "Gone", http.StatusNotFound)
 		return
 	}