feat: Return more 404s vs 403s (#2194)

* feat: Return more 404s vs 403s * Return vague 404 in all cases
2025-07-18 14:17:22 +00:00 · 2022-06-14 10:14:05 -05:00
parent dc1de58857
commit 251316751e
31 changed files with 231 additions and 155 deletions
--- a/coderd/httpapi/httpapi.go
+++ b/coderd/httpapi/httpapi.go
@ -76,6 +76,14 @@ type Error struct {
 	Detail string `json:"detail" validate:"required"`
 }

+// ResourceNotFound is intentionally vague. All 404 responses should be identical
+// to prevent leaking existence of resources.
+func ResourceNotFound(rw http.ResponseWriter) {
+	Write(rw, http.StatusNotFound, Response{
+		Message: "Resource not found or you do not have access to this resource",
+	})
+}
+
 func Forbidden(rw http.ResponseWriter) {
 	Write(rw, http.StatusForbidden, Response{
 		Message: "Forbidden.",