diff --git a/api/kiwi_vpn_api/routers/_common.py b/api/kiwi_vpn_api/routers/_common.py
index 463f87f..fd380c5 100644
--- a/api/kiwi_vpn_api/routers/_common.py
+++ b/api/kiwi_vpn_api/routers/_common.py
@@ -84,7 +84,8 @@ async def get_current_user_if_exists(
 # fail if not requested by a user
 if current_user is None:
- raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
+ # don't use error 404 here: possible user enumeration
+ raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
 return current_user
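Review bot: The 403 raised in the `current_user is None` branch removes the enumeration signal only if every other failure path of this dependency (missing, malformed or expired credentials) answers with the same status code and body. Those paths are outside the hunk, so this needs confirming; if any of them returns a different status such as 401, a client can still tell "valid token, unknown user" apart from "bad token". I would align the responses and state the invariant in the comment, for example `# same response as every other auth failure, so an unknown user is indistinguishable from a bad token`. The body of get_current_user_if_exists starts and ends outside the hunk.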