this post was submitted on 08 Jun 2023
277 points (100.0% liked)
Technology
37737 readers
552 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A "quick fix" might be to test for a user unapproved status on login and provide it as a status (e.g. 404:application_denied). Then the behaviour can be either release all created but unapproved accounts after 24hrs elapse or perma-"ban" until approved like it is now depending on server preferences.
"Quick fix" as in it's seems quick but will take me a while to implement if I were to try and I won't have time for a few days to get serious and become familiar with the code.
404 wouldn't be the right status code, 403 would be more suitable.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses
In this case, I agree that 403 is the better response, but for some resources, in the name of security and privacy, 404 might be more appropriate depending on the request.
Yeah at work we mask all responses to the client in production to x00, but in the scenereo the original commenter laid out exposing the 403 would be best.
Adding a modal client side would prob be best here.