[GH-ISSUE #1282] 403 when requesting designated topics when auth deny-all is used #909

New issue

Closed

opened 2026-05-07 00:28:39 +02:00 by BreizhHardware · 2 comments

BreizhHardware commented 2026-05-07 00:28:39 +02:00

Owner

Copy link

Originally created by @elyashivhazan on GitHub (Feb 23, 2025).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1282

🐞 Describe the bug
When enabling auth with deny-all the Public/designated topics dont work, when using a real user (not admin) the server is responding with 403, with a made up user the server is responding with 401.
The server should respond with 401 for unauthorized users but respond with true (json) when authorized.

💻 Components impacted
Using the designated topics

💡 Screenshots and/or logs

🔮 Additional context
Could be related to #1018 because i found that issue when trying to use this app

i have solved this issue by running:

ntfy access '*' "stats" ro
ntfy access '*' "announcements" ro

i hope this could be solved, honestly i have no idea if its on purpose (if it is pleases mention in the docs)

if you need more info i will gladly provide

Originally created by @elyashivhazan on GitHub (Feb 23, 2025). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1282 :lady_beetle: **Describe the bug** When enabling auth with deny-all the [Public/designated topics](https://docs.ntfy.sh/publish/#public-topics) dont work, when using a real user (not admin) the server is responding with 403, with a made up user the server is responding with 401. The server should respond with 401 for unauthorized users but respond with true (json) when authorized. :computer: **Components impacted** Using the designated topics :bulb: **Screenshots and/or logs** :crystal_ball: **Additional context** Could be related to #1018 because i found that issue when trying to use [this app](https://flathub.org/apps/com.ranfdev.Notify) i have solved this issue by running: ``` ntfy access '*' "stats" ro ntfy access '*' "announcements" ro ``` i hope this could be solved, honestly i have no idea if its on purpose (if it is pleases mention in the docs) if you need more info i will gladly provide

BreizhHardware 2026-05-07 00:28:39 +02:00

• closed this issue
• added the
  🪲 bug
  label

BreizhHardware commented 2026-05-07 00:28:40 +02:00

Author

Owner

Copy link

@wunter8 commented on GitHub (Feb 24, 2025):

I'm not exactly sure what you mean. Are you referring to the topics stats and announcements on a self-hosted instance? They don't exist by default. They are special topics on the ntfy.sh instance, but they aren't included on self-hosted instances/nothing is posted automatically to those topics on a self-hosted instance.

So, if you want people to be able to access those topics on your server, and you have default access set to deny-all, you'll need to allow read-only access to those topics like you did above

<!-- gh-comment-id:2677352763 --> @wunter8 commented on GitHub (Feb 24, 2025): I'm not exactly sure what you mean. Are you referring to the topics `stats` and `announcements` on a self-hosted instance? They don't exist by default. They are special topics on the ntfy.sh instance, but they aren't included on self-hosted instances/nothing is posted automatically to those topics on a self-hosted instance. So, if you want people to be able to access those topics on your server, and you have default access set to `deny-all`, you'll need to allow `read-only` access to those topics like you did above

BreizhHardware commented 2026-05-07 00:28:40 +02:00

Author

Owner

Copy link

@elyashivhazan commented on GitHub (Feb 24, 2025):

Hi, i didnt except for messages to be sent automatically but to behave as in the main server because some apps using them as checks with them.
I guess its the app problem so im going to close this issue.

I think it should be mentioned in the docs.

have a nice day

<!-- gh-comment-id:2678444512 --> @elyashivhazan commented on GitHub (Feb 24, 2025): Hi, i didnt except for messages to be sent automatically but to behave as in the main server because some apps using them as checks with them. I guess its the app problem so im going to close this issue. I think it should be mentioned in the docs. have a nice day

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/web/babel/plugin-transform-modules-systemjs-7.29.4

dependabot/npm_and_yarn/web/fast-uri-3.1.2

email-verification

attachment-no-http2

attachment-fixes

attachment-s3

config-generator

postgres-replica

dockers-v2

postgres-support

postgres-webpush+user+message

postgres-webpush+user

postgres-webpush

1364-copy-action

crashfix

user-header

scalar-api-docs

cancel-scheduled

update-available

windows-server

303-update-notifications

postgres

admin-ui

require-login

http-clipboard

message-cache-lock

debian-stripe

predefined-users

busy-timeout

template-dir

ipv6

client-ip-header

apns-fix

feat_optional_require_login

security-updates

pg-message-cache

templating-disallow

templating-3

templating-2

message-size-limit+delay-limit

remove-rate-topics

html-emails

cf-priority

acl-underscores

auth-user-header

markdown

img-attach

web-improvements

utf8-headers

matrix-507-reject

http-response-writer

new-homepage-design

e2e

canary

windows

electron

update-messages

webhook-templating

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.14.0

v2.13.0

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.31.0

v1.30.1

v1.29.1

v1.29.0

v1.28.0

v1.27.2

v1.27.1

v1.26.0

v1.25.2

v1.25.1

v1.25.0

v1.24.0

v1.23.0

v1.22.0

v1.21.2

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.0

v1.14.1

v1.14.0

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.2

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.3

v1.3.1

v1.3.0

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

ai-generated

  

android-app

  

android-app

  

android-app

  

🪲 bug

  

build

  

build

  

dependencies

  

docs

  

enhancement

  

enhancement

  

🔥 HOT

  

in-progress 🏃

  

ios

  

prio:low

  

prio:low

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

🔒 security

  

server

  

server

  

unified-push

  

web-app

  

website

No labels

ai-generated

android-app

android-app

android-app

🪲 bug

build

build

dependencies

docs

enhancement

enhancement

🔥 HOT

in-progress 🏃

ios

prio:low

prio:low

pull-request

question

🔒 security

server

server

unified-push

web-app

website

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ntfy#909

No description provided.