Why does the URL return my site's login page (401 Unauthorized error ) rather than a 404 Not Found error?
|Knowledge Article Number||000233439|
|Description||If a page does not exist on a site, the expectation would be that 404 Not Found HTTP Status Code is returned.
For example, try the following in the browser:
This returns a page showing the following:
The requested URL
However when the URL contains unsupported characters like the hyphen that are not supported in a Visualforce page name, the 401 Unauthorized HTTP Status Code is returned instead.
This is behavior related to Site Guest Users and Portal users that has existed in Salesforce for a number of releases and will not be changed. Otherwise for an authenticated user to a site, a handled exception is actually thrown with the following message and sent to the Administrator of the site:
"The name can only contain underscores and alphanumeric characters. It must begin with a letter and be unique, and must not include spaces, end with an underscore, or contain two consecutive underscores"
For a Visualforce driven site, if the URL provided is not mapped to anything it will try to map it to a Visualforce page. The handled exception for unsupported characters is checked in a filter and thrown before the check to see if the page actually exists. This may manifest as a 401 Unauthorized HTTP Status code in the case of Site Guest Users and Portal users and direct to the site's login page.
|Resolution||Either, add Site URL Redirects for any bookmarks at issue.
Educate users to update their bookmarks.