Kieran Hunt

Stop redirecting on unauthorized errors

✦ 2023-02-09

Here’s a scenario:

  1. A colleague on Slack sends you a link to some page they want you to check out. Maybe something like http://example.com/some-resource.html.
  2. You click the link.
  3. The backend decides that you don’t have access to view some-resource.html.
  4. It returns a redirect to http://example.com/unauthorized.html.
  5. You read the error message that tells you that you don’t have access to view that page.
  6. You return to Slack and ask your colleague to grant you access.
  7. They apologise and say that they’ve fixed it.
  8. You return to your browser and refresh.
  9. Still an unauthorized error.
  10. You wonder if there’s some eventual consistency in the system, maybe your colleague granted you access to the wrong page, or maybe they granted access to the wrong person.
  11. You then realise that you’re still at unauthorized.html (not the page you actually want) so you go back to Slack and click the link again.
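The scenario above, replayed as a small in-memory model. This is an added example, not code from the original post: the function and class names, the user `you`, and the "in-place" mode that answers 403 at the requested URL are assumptions made for illustration.

```javascript
// Constructed in-memory model of the scenario; no network involved.
// handle, Browser, replayScenario and the user "you" are hypothetical names.
const RESOURCE = "/some-resource.html";
const ERROR_PAGE = "/unauthorized.html";
const DENIED = "You don't have access to view that page.";

// Server: "redirect" is the scenario's behaviour; "in-place" (assumed
// alternative) answers 403 at the URL that was requested.
function handle(mode, path, user, acl) {
  if (path === ERROR_PAGE) return { status: 200, body: DENIED };
  if (acl.has(user)) return { status: 200, body: "contents of some-resource" };
  if (mode === "redirect") return { status: 302, location: ERROR_PAGE, body: "" };
  return { status: 403, body: DENIED };
}

// Client: the address bar follows redirects, and a refresh re-requests
// whatever the address bar currently holds.
class Browser {
  constructor(mode, user, acl) {
    Object.assign(this, { mode, user, acl, addressBar: null });
  }
  navigate(path) {
    let res = handle(this.mode, path, this.user, this.acl);
    this.addressBar = path;
    while (res.status === 302) { // follow the redirect
      this.addressBar = res.location;
      res = handle(this.mode, res.location, this.user, this.acl);
    }
    return res;
  }
  refresh() {
    return this.navigate(this.addressBar);
  }
}

// Steps 2 to 9: click the link, get denied, access is granted, refresh.
function replayScenario(mode) {
  const acl = new Set(); // nobody has access yet
  const browser = new Browser(mode, "you", acl);
  const first = browser.navigate(RESOURCE); // step 2
  acl.add("you"); // step 7: the colleague grants access
  const second = browser.refresh(); // step 8
  return { firstStatus: first.status, addressBar: browser.addressBar,
           status: second.status, body: second.body };
}
```

In `redirect` mode the refresh re-requests `/unauthorized.html`, so the granted access is never exercised, and in this model the denial reaches the client as a 200 rather than an error status.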

Why do this?