One of my users reported getting an ‘Unauthorized Error’ after clicking a button on a Sites Visualforce page. What could be the reason for this?
Well, you might think that the obvious reason would be that the VF page wasn’t included as an allowed page in the Sites Guest user profile. This is easy to check by going to:
Setup | Develop | Sites | mysite | Visualforce Pages
But, the page was enabled. Hmm.
I recreated the error and examined the debug logs. Perhaps the controller was throwing an exception. Remember, you have to monitor the Sites guest user, not yourself, to see the debug logs. But, no controller exception.
I looked through the change history and noted the controller had been updated recently, so it must have had something to do with a relatively recent Story.
And the answer was…
While the controller had been updated (certain getters had their names changed), the VF page hadn’t been updated to reflect the new getter properties. The developer had neglected to test the VF page; had a test been done, the “unauthorized error” would have surfaced and the change wouldn’t have been pushed into production [the developer was me 🙁 ]
Here’s what was happening:
- At run time, clicking the button requested VF to serve up
- VF does a runtime compile of the page
- The compile fails because the page references getters on the controller that no longer exist
- Sites default error handling ensues. In our case, this displays the out-of-the-box unauthorized page
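
A pre-deployment check for the mismatch described above, as an added example (not code from the original post): it lists names a Visualforce page binds to that the Apex controller no longer exposes. It assumes a custom controller (no standard controller or extensions); `DonationController`, its members and both source snippets are constructed for illustration.

```python
import re

# Constructed sample: getTotal() was renamed to getTotalRaised() in the controller,
# but the page still binds {!total}.
CONTROLLER = """
public class DonationController {
    public String campaignTitle { get; set; }
    public List<Donation__c> getRecentDonations() { return donations; }
    public Decimal getTotalRaised() { return total; }
    public PageReference submit() { return null; }
}
"""
PAGE = """
<apex:page controller="DonationController">
  <h1>{!campaignTitle}</h1>
  <apex:outputText value="{!IF(total > 0, 'Thanks!', 'Be first')}"/>
  <apex:repeat value="{!recentDonations}" var="d">{!d.Name} on {!$Site.Name}</apex:repeat>
  <apex:commandButton action="{!submit}" value="Donate"/>
</apex:page>
"""

def controller_members(apex):
    """Names a page can bind to: getX() getters, {get;} properties, zero-arg actions."""
    apex = re.sub(r"//[^\n]*|/\*.*?\*/", "", apex, flags=re.S)  # ignore comments
    names = re.findall(r"\bget(\w+)\s*\(", apex)
    names += re.findall(r"(\w+)\s*\{[^{}]*?\bget\s*[;{]", apex)
    names += re.findall(r"\b(\w+)\s*\(\s*\)\s*\{", apex)
    return {n.lower() for n in names}  # Apex identifiers are case-insensitive

def page_bindings(markup):
    """Root identifiers used inside {! ... } merge expressions."""
    local = {v.lower() for v in re.findall(r'\bvar="(\w+)"', markup)}
    found = set()
    for expr in re.findall(r"\{!(.*?)\}", markup, flags=re.S):
        expr = re.sub(r"'[^']*'|\"[^\"]*\"", "", expr)  # drop string literals
        # skip $Globals, .field parts, and FUNCTION( calls
        for name in re.findall(r"(?<![\w.$])([A-Za-z_]\w*)\b(?!\s*\()", expr):
            if name.lower() not in local | {"true", "false", "null"}:
                found.add(name)
    return found

def missing_bindings(markup, apex):
    members = controller_members(apex)
    return sorted(n for n in page_bindings(markup) if n.lower() not in members)

if __name__ == "__main__":
    print(missing_bindings(PAGE, CONTROLLER))
```

A non-empty result means the page would fail its runtime compile and guest users would land on the Sites error page instead of seeing a controller exception in the debug log.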