nuget api: auth inconsistency
Summary
From !38627 (comment 407785017), when accessing the nuget service index on a public project, the NuGet Repository returns:
- With no token,
200 Ok
- With a wrong personal access token,
200 Ok
- With a wrong ci token,
401 Unauthorized
Case (2.) and (3.) are inconsistent. The question is: what do we do with read only requests on public projects with wrong credentials. Do we allow them (200 Ok
) or not? (401 Unauthorized
)
Improvements
- Choose a common response code for both cases
Risks
Involved components
Edited by David Fernandez