fix(security): 403 Access Denied for signed-in users on private repos #420

Merged

jmiller merged 1 commits from dev into main

2026-06-02 14:27:25 +00:00

Author	SHA1	Message	Date
Jonathan Miller	0add8bda72	fix(security): show 403 Access Denied instead of 404 for signed-in users on private repos Branch Policy Check / Verify merge target (pull_request) Successful in 1s Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Universal: PR Check / Validate PR (pull_request) Failing after 5s Details Branch Cleanup / Delete merged branch (pull_request) Has been skipped Details PR RC Release / Build RC Release (pull_request) Successful in 19s Details Universal: PR Check / Build RC Package (pull_request) Has been cancelled Details Signed-in users who lack permission to a private repo now see a 403 "You do not have permission" instead of a misleading 404. Anonymous users still get 404 to prevent repo enumeration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:26:21 -05:00