When building a web application, you typically add authorisation checks to ensure that users can only access resources they are permitted to. For example, on a blogging platform, you'd want to ensure that users can only edit or delete their own posts, and not the posts of other users.
If a user tries to access a resource they aren't authorised to access, you'd typically return an HTTP 403 (Forbidden) response, which pretty much means "Go away! You're not allowed to do that!".
But in this article, we're going to discuss the idea of sometimes returning an HTTP 404 response in these situations instead. We'll also look at how to implement this in a Laravel application, and some of the things you should consider before doing so.
Before we delve any deeper into this article, I also just want to point out that I'm not advocating for completely replacing HTTP 403 responses in your applications with HTTP 404 responses. Instead, I want to discuss the idea of returning 404s in situations where it makes sense and is suitable for the feature you're building.
continue reading on dev.to