
/status should be always allowed in anonymous mode
Open, Needs Triage | Public

Description

/status returns an HTTP 200 "ALIVE" response to be able to perform a basic health check.

On an installation with only one authentication provider, and without public content, it redirects to that provider:

HTTP/2 302 
location: https://..../oauth/.....

It doesn't make sense to require user authentication for that specific scenario, so we could directly serve the 200 ALIVE there too.

Event Timeline

Interestingly, accessing /status on secure.phabricator.com seems to return a JSON object instead of ALIVE.

Looking at PhabricatorStatusController.php, it looks like it's trying to indicate that it doesn't require login for accessing, but something with OAuth authentication might be interfering with that.

I just tried it here, and it didn't require any auth. Maybe something was wrong with our setup at the time?
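
A monitoring-side probe for the behaviour discussed in this task, as an added example that is not Phorge code and not from any participant in this thread. It requests /status without following redirects, so the 302 to the auth provider from the description and the non-ALIVE body mentioned in the first comment are each reported separately instead of being mistaken for a healthy 200 (a client that follows the redirect may receive a 200 from the provider's login page). The function names and verdict strings are assumptions made for this example.

```python
import http.client
from urllib.parse import urlsplit


def classify(status, headers, body):
    """Map one /status response to a verdict (verdict names are this example's own).

    headers: dict with lower-case keys; body: bytes.
    """
    if status == 200:
        # The task describes a healthy instance as answering 200 "ALIVE".
        # Any other 200 body (for instance a JSON object) is flagged, not trusted.
        return "alive" if body.strip() == b"ALIVE" else "unexpected-body"
    if 300 <= status < 400:
        # The web tier answered, but the probe was sent to log in
        # (the "302 -> .../oauth/..." case from the description).
        return "auth-redirect" if headers.get("location") else "redirect-no-location"
    return "down"


def probe(base_url, timeout=5.0):
    """GET <base_url>/status; http.client never follows redirects on its own."""
    u = urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if u.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", "/status")
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        # Read a bounded amount: a login page can be large, "ALIVE" is not.
        return classify(resp.status, headers, resp.read(4096))
    except (OSError, http.client.HTTPException):
        return "down"
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real installation.
    samples = [
        (200, {}, b"ALIVE\n"),
        (302, {"location": "https://idp.example/oauth/start"}, b""),
        (200, {"content-type": "application/json"}, b'{"status": "ok"}'),
        (503, {}, b""),
    ]
    for status, headers, body in samples:
        print(status, classify(status, headers, body))
```

Alerting on "auth-redirect" separately from "down" keeps an authentication misconfiguration from being paged as an outage.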