Page MenuHomePhorge
Create Task
Maniphest T15073

/status should be always allowed in anonymous mode
Open, Needs TriagePublic
Actions

Description

/status returns an HTTP 200 "ALIVE" response to be able to perform a basic health check.

On an installation with only one authentication provider, and without public content, it redirects to that provider:

HTTP/2 302 
location: https://..../oauth/.....

That doesn't make sense to require user authentication for that specific scenario, so we could directly serve the 200 ALIVE there too.

Event Timeline

dereckson created this task.Mar 19 2022, 01:26
Herald added subscribers: chris, speck, tobiaswiese. · View Herald TranscriptMar 19 2022, 01:26
avivey awarded a token.Mar 19 2022, 07:48
speck added a comment.Mar 20 2022, 21:10

Interestingly accessing /status on secure.phabricator.com seems to return a json object instead of ALIVE.

Looking at PhabricatorStatusController.php it looks like it's trying to indicate that it doesn't require login for accessing but something with OAuth authentication might be interfering with that.

avivey subscribed.Sep 20 2022, 06:48

I just tried it here, and it didn't require any auth. maybe something was wrong with our setup at the time?

Herald added a subscriber: Cigaryno. · View Herald TranscriptSep 20 2022, 06:48
pasik subscribed.Sep 20 2022, 19:56
avivey removed a project: Phorge General/Unknown.May 9 2023, 10:42