Invalid link responds with HTTP 200 status code

[michaelstingl]

Describe the bug

An invalid link shows correct in the web UI (An error occurred while loading the public link), responds with HTTP 200 status code.

Steps to reproduce

Steps to reproduce the behavior:

1. Create invalid link like in "Create and copy public link to clipboard" generates an invalid link #4380
2. Open invalid link in browser ✅
3. Check HTTP status code with curl

Expected behavior

I'd expect a HTTP error code, similar as in oC10

% curl -I "https://demo.owncloud.org/s/Lv742zlpi1K28C" 
HTTP/2 404 
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate, value
content-type: text/html
date: Tue, 23 Aug 2022 12:05:06 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
last-modified: Tue, 23 Aug 2022 12:05:06 GMT
referrer-policy: strict-origin-when-cross-origin
request-id: cc2c4sg744t9ov8htbm0
strict-transport-security: max-age=315360000; preload
x-content-type-options: nosniff
x-errors-version: 0.0.0
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 1828

Actual behavior

Invalid link responds with HTTP 200 status code:

% curl -I "https://ocis.owncloud.com/s/ItYmLwEXCgdwYmU"
HTTP/2 200 
cache-control: max-age=604800, must-revalidate
content-security-policy: frame-ancestors 'self'
content-type: text/html; charset=utf-8
date: Tue, 23 Aug 2022 11:59:29 GMT
expires: Tue, 30 Aug 2022 11:00:05 GMT
last-modified: Tue, 23 Aug 2022 11:00:05 GMT
referrer-policy: strict-origin-when-cross-origin
samesite: Strict
strict-transport-security: max-age=315360000; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-web-version: 2.0.0-beta.6
x-xss-protection: 0

Setup

https://ocis.owncloud.com/

ownCloud Web UI 5.7.0-rc.9 
Infinite Scale 2.0.0-beta.6 Community 

Additional context

Add any other context about the problem here.

@dragotin FYI

[phil-davis]

I added issue owncloud/core#40313 in core to get some API test coverage of this - I don't see any tests that do this at present, so that is why we have not noticed this difference between oC10 and oCIS.

[C0rby]

This one is tricky.
In oC10 the responses are rendered on the server side. That means that when requesting https://demo.owncloud.org/s/Lv742zlpi1K28C the server tries to lookup the share and when it doesn't find it, it returns the error page with the 404 status code.
oCIS is different though. Here the request to https://ocis.owncloud.com/s/ItYmLwEXCgdwYmU loads the static files (html, js, css, etc.) for the web app this returns 200 which makes sense, when the static files could be loaded. Then the web app sends a PROPFIND to https://ocis.owncloud.com/remote.php/dav/public-files/Lv742zlpi1K28C which returns a 404 because the share doesn't exist.

I argue that it doesn't make sense to have a 404 when requesting https://ocis.owncloud.com/s/ItYmLwEXCgdwYmU since the meaning is a different one.

[micbar]

I agree with @C0rby

[michaelstingl]

okay