Page Not Found with Public Access #2286

New Issue

OVERLORD · 2026-02-05T03:34:09+03:00

OVERLORD commented

2026-02-05 03:34:09 +03:00

Originally created by @techauthoruk on GitHub (Jun 9, 2021).

Hi

Not a bug, but I wonder if there is a workaround.

I have public access enabled in my instance of Bookstack. If I send a link to a file that is in a public shelf, all is fine. However, if I send a link to a file that isn't displayed publically, my users get a page not found error.

I know that this is actually true, but many of my users miss the fact there is a log in button at the top right of the screen - is it possible to display something other than the page not found message, or make the page more obvious with regard to having to log in before viewing the file?

Thanks

Mark

Originally created by @techauthoruk on GitHub (Jun 9, 2021). Hi Not a bug, but I wonder if there is a workaround. I have public access enabled in my instance of Bookstack. If I send a link to a file that is in a public shelf, all is fine. However, if I send a link to a file that isn't displayed publically, my users get a page not found error. I know that this is actually true, but many of my users miss the fact there is a log in button at the top right of the screen - is it possible to display something other than the page not found message, or make the page more obvious with regard to having to log in before viewing the file? Thanks Mark

OVERLORD closed this issue

2026-02-05 03:34:11 +03:00

OVERLORD commented

2026-02-05 03:34:13 +03:00

@ssddanbrown commented on GitHub (Jun 13, 2021):

Hi @techauthoruk,

There's some context to this behaviour within #2606, but to summarise, this is done on purpose. We can't really know if the page content will exist for that person until they login anyway due to potential custom permissions. Alongside that, indicating that the page exists, while they may not have permissions/login for the content, would leak evidence of existence which would be a security problem for many BookStack instances.

At one point, we did attempt to make it more obvious by updating the wording and adding a login button within the error box but it may still not be obvious enough for your users.

What you could do, for your own instance is to customize the view/text shown upon 404/not-found. With your request in mind, I've made this a little easier/cleaner to achieve within the theme system as part of BookStack v21.05.2 . This is how you could do this (Assuming no existing theme system is in use and you're on linux):

# Ensure you've updated to at least BookStack v21.05.2 before starting the below.

# Enter your BookStack installation folder
cd /var/www/bookstack

# Open your .env file in a text editor and add the following line
APP_THEME=custom

# Create the "custom" theme folder and the directory path within that we'll later need
mkdir -p themes/custom/errors/parts

# Copy the default BookStack not-found-text view into your theme
cp resources/views/errors/parts/not-found-text.blade.php themes/custom/errors/parts/not-found-text.blade.php

## Then edit the "themes/custom/errors/parts/not-found-text.blade.php" file to your liking, adding extra direction for your users

Let me know if you need any further guidance on the above or have any issues, Or if you need an example of adding something specific. Otherwise I'll close this off after a few days.

@ssddanbrown commented on GitHub (Jun 13, 2021): Hi @techauthoruk, There's some context to this behaviour within #2606, but to summarise, this is done on purpose. We can't really know if the page content will exist for that person until they login anyway due to potential custom permissions. Alongside that, indicating that the page exists, while they may not have permissions/login for the content, would leak evidence of existence which would be a security problem for many BookStack instances. At one point, we did attempt to make it more obvious by updating the wording and adding a login button within the error box but it may still not be obvious enough for your users. What you could do, for your own instance is to customize the view/text shown upon 404/not-found. With your request in mind, I've made this a little easier/cleaner to achieve within the theme system as part of BookStack v21.05.2 . This is how you could do this (Assuming no existing theme system is in use and you're on linux): ```bash # Ensure you've updated to at least BookStack v21.05.2 before starting the below. # Enter your BookStack installation folder cd /var/www/bookstack # Open your .env file in a text editor and add the following line APP_THEME=custom # Create the "custom" theme folder and the directory path within that we'll later need mkdir -p themes/custom/errors/parts # Copy the default BookStack not-found-text view into your theme cp resources/views/errors/parts/not-found-text.blade.php themes/custom/errors/parts/not-found-text.blade.php ## Then edit the "themes/custom/errors/parts/not-found-text.blade.php" file to your liking, adding extra direction for your users ``` Let me know if you need any further guidance on the above or have any issues, Or if you need an example of adding something specific. Otherwise I'll close this off after a few days.

OVERLORD commented

2026-02-05 03:34:17 +03:00

@techauthoruk commented on GitHub (Jun 13, 2021):

Mark
Hi Dan

Thank you for this - it is much appreciated. I will endeavour to make the
changes tomorrow and then let you know

On Sun, Jun 13, 2021 at 2:56 PM Dan Brown @.***> wrote:

Hi @techauthoruk https://github.com/techauthoruk,

There's some context to this behaviour within #2606
https://github.com/BookStackApp/BookStack/issues/2606, but to
summarise, this is done on purpose. We can't really know if the page
content will exist for that person until they login anyway due to potential
custom permissions. Alongside that, indicating that the page exists, while
they may not have permissions/login for the content, would leak evidence of
existence which would be a security problem for many BookStack instances.

At one point, we did attempt to make it more obvious by updating the
wording and adding a login button within the error box but it may still not
be obvious enough for your users.

What you could do, for your own instance is to customize the view/text
shown upon 404/not-found. With your request in mind, I've made this a
little easier/cleaner to achieve within the theme system as part of
BookStack v21.05.2 . This is how you could do this (Assuming no existing
theme system is in use and you're on linux):

Ensure you've updated to at least BookStack v21.05.2 before starting the below.

Enter your BookStack installation foldercd /var/www/bookstack

Open your .env file in a text editor and add the following line

APP_THEME=custom

Create the "custom" theme folder and the directory path within that we'll later need

mkdir -p themes/custom/errors/parts

Copy the default BookStack not-found-text view into your theme

cp resources/views/errors/parts/not-found-text.blade.php themes/custom/errors/parts/not-found-text.blade.php

Then edit the "themes/custom/errors/parts/not-found-text.blade.php" file to your liking, adding extra direction for your users

Let me know if you need any further guidance on the above or have any
issues, Or if you need an example of adding something specific. Otherwise
I'll close this off after a few days.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/BookStackApp/BookStack/issues/2796#issuecomment-860215194,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ANS7XS5N4RDGTDZO2E6PCBLTSS2KTANCNFSM46LPFGOQ
.

@techauthoruk commented on GitHub (Jun 13, 2021): Mark Hi Dan Thank you for this - it is much appreciated. I will endeavour to make the changes tomorrow and then let you know On Sun, Jun 13, 2021 at 2:56 PM Dan Brown ***@***.***> wrote: > Hi @techauthoruk <https://github.com/techauthoruk>, > > There's some context to this behaviour within #2606 > <https://github.com/BookStackApp/BookStack/issues/2606>, but to > summarise, this is done on purpose. We can't really know if the page > content will exist for that person until they login anyway due to potential > custom permissions. Alongside that, indicating that the page exists, while > they may not have permissions/login for the content, would leak evidence of > existence which would be a security problem for many BookStack instances. > > At one point, we did attempt to make it more obvious by updating the > wording and adding a login button within the error box but it may still not > be obvious enough for your users. > > What you could do, for your own instance is to customize the view/text > shown upon 404/not-found. With your request in mind, I've made this a > little easier/cleaner to achieve within the theme system as part of > BookStack v21.05.2 . This is how you could do this (Assuming no existing > theme system is in use and you're on linux): > > # Ensure you've updated to at least BookStack v21.05.2 before starting the below. > # Enter your BookStack installation foldercd /var/www/bookstack > # Open your .env file in a text editor and add the following line > APP_THEME=custom > # Create the "custom" theme folder and the directory path within that we'll later need > mkdir -p themes/custom/errors/parts > # Copy the default BookStack not-found-text view into your theme > cp resources/views/errors/parts/not-found-text.blade.php themes/custom/errors/parts/not-found-text.blade.php > ## Then edit the "themes/custom/errors/parts/not-found-text.blade.php" file to your liking, adding extra direction for your users > > Let me know if you need any further guidance on the above or have any > issues, Or if you need an example of adding something specific. Otherwise > I'll close this off after a few days. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/BookStackApp/BookStack/issues/2796#issuecomment-860215194>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/ANS7XS5N4RDGTDZO2E6PCBLTSS2KTANCNFSM46LPFGOQ> > . >

OVERLORD commented

2026-02-05 03:34:21 +03:00

@techauthoruk commented on GitHub (Jun 14, 2021):

@ssddanbrown Good morning Dan. I first tries the approach outlined in #2606, but unfortunately I could not get the redirect to work; it wouldn't go past the log in dialog. Instead for now I have just added some text to explain the need to log in. However, I like the idea of #2606, so it would be good to figure out how to make that work in my instance.

@techauthoruk commented on GitHub (Jun 14, 2021): @ssddanbrown Good morning Dan. I first tries the approach outlined in #2606, but unfortunately I could not get the redirect to work; it wouldn't go past the log in dialog. Instead for now I have just added some text to explain the need to log in. However, I like the idea of #2606, so it would be good to figure out how to make that work in my instance.

OVERLORD commented

2026-02-05 03:34:24 +03:00

@ssddanbrown commented on GitHub (Jun 15, 2021):

Hi @techauthoruk,
Sorry, I'm a bit lost. Could you confirm exactly what functionality within #2606 you're attempting to achieve, and what authentication system you're currently using?

@ssddanbrown commented on GitHub (Jun 15, 2021): Hi @techauthoruk, Sorry, I'm a bit lost. Could you confirm exactly what functionality within #2606 you're attempting to achieve, and what authentication system you're currently using?

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2286