FIX: Crawlers see 404 when public_can_see_profiles is true

2024-12-20 12:47:22 +08:00 · 2024-12-20 12:47:22 +08:00 · 6b184ee7ec
parent 0410c07342
commit 6b184ee7ec
2 changed files with 9 additions and 9 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -115,7 +115,7 @@ class UsersController < ApplicationController
  end
  def show(for_card: false)
-    guardian.ensure_public_can_see_profiles!
+    raise Discourse::NotFound unless guardian.public_can_see_profiles?
    @user =
      fetch_user_from_params(
@ -164,7 +164,7 @@ class UsersController < ApplicationController
  # This route is not used in core, but is used by theme components (e.g. https://meta.discourse.org/t/144479)
  def cards
-    guardian.ensure_public_can_see_profiles!
+    raise Discourse::NotFound unless guardian.public_can_see_profiles?
    user_ids = params.require(:user_ids).split(",").map(&:to_i)
    raise Discourse::InvalidParameters.new(:user_ids) if user_ids.length > 50
@ -498,7 +498,7 @@ class UsersController < ApplicationController
  end
  def summary
-    guardian.ensure_public_can_see_profiles!
+    raise Discourse::NotFound unless guardian.public_can_see_profiles?
    @user =
      fetch_user_from_params(
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@ -4281,10 +4281,10 @@ RSpec.describe UsersController do
        expect(response.status).to eq(200)
      end
-      it "returns 403 for anonymous users" do
+      it "returns 404 for anonymous users" do
        get "/u/#{user.username_lower}/summary.json"
-        expect(response.status).to eq(403)
+        expect(response.status).to eq(404)
      end
    end
@ -4669,10 +4669,10 @@ RSpec.describe UsersController do
        expect(response).to have_http_status(:forbidden)
      end
-      it "should 403 correctly for crawlers when profiles are hidden" do
+      it "should 404 correctly for crawlers when profiles are hidden" do
        SiteSetting.hide_user_profiles_from_public = true
        get "/u/#{user.username}", headers: { "User-Agent" => "Googlebot" }
-        expect(response).to have_http_status(:forbidden)
+        expect(response).to have_http_status(:not_found)
        expect(response.body).to have_tag("body.crawler")
        expect(response.headers["X-Robots-Tag"]).to eq("noindex")
      end
@ -4883,7 +4883,7 @@ RSpec.describe UsersController do
      it "should have http status 403 for anonymous user when profiles are hidden" do
        SiteSetting.hide_user_profiles_from_public = true
        get "/u/#{user.username}/card.json"
-        expect(response).to have_http_status(:forbidden)
+        expect(response).to have_http_status(:not_found)
      end
    end
@ -4957,7 +4957,7 @@ RSpec.describe UsersController do
    it "should have http status 403 for anonymous user when profiles are hidden" do
      SiteSetting.hide_user_profiles_from_public = true
      get "/user-cards.json?user_ids=#{user.id},#{user2.id}"
-      expect(response).to have_http_status(:forbidden)
+      expect(response).to have_http_status(:not_found)
    end
    context "when `hide_profile` user option is checked" do