BlogGetting 404 when expecting 401

Getting 404 when expecting 401

OptimizelyHeadlessError
24 March 2025

A short story about the mysterious behavior of an API in headless architecture.

Rubik's Cube as metaphor for hard problems to solve.

There is a noticeable wind of change in my experience with Optimizely projects. I am more involved in projects with headless architecture (PaaS CMS with REST API and Graph + FE app), which is new for me. It brings excitement and new challenges.

One of them is quite an unusual issue I was experiencing. Everything is set up, and the API works fine, except for one small detail. When accessing a secure endpoint while being unauthorized, the API returns a 404 HTTP code instead of 401. And it happens only on DXP. The local environment is fine.

Hours or even days of double-checking site setup, middleware, and auth configuration yielded no clues. I almost gave up, but finally, I found a reason.

Apparently, the CMS UI, when initialized, adds StatusCodePagesMiddleware for environments other than development. Everything is happening in the process of AddCms() → AddCmsUi(), which registers ErrorsStartupFilter. This is checking the environment and adding middleware to the pipeline. So what is it doing then? When there is an HTTP result other than 200, it will try to find the HTML page for a specific status code, 401 in this case. What if there is no such a page? It returns 404.

Screenshot of decompiled ErrorsStartupFilter

What is a workaround for it? Middleware just needs to be told when it shouldn’t make this operation. How? Simply by adding the [SkipStatusCodePages] attribute to our API controller. Problem solved, now 401 is successfully returned when needed.

More articles

Bunch of decimal numbers
OptimizelyGraphCommerce.NET

Decimal numbers in Optimizely Graph

Storing prices as decimal numbers on a commerce website and planning to expose them through Optimizely Graph? It might not be as straightforward as it seems.

Hand with puzzles
OptimizelySaaSCMSCoveoSearch

Optimizely SaaS CMS + Coveo Search Page

Short on time but need a listing feature with filters, pagination, and sorting? Create a fully functional Coveo-powered search page driven by data from the Optimizely SaaS CMS - all during just a break between coffee refills.

Browser console errors
OptimizelyCMS 11CMSBugsUI

Block type selection doesn't work

Imagine you're trying to create a new block in a specific content area. You click the "Create" link, expecting to see a CMS modal with a list of available blocks. Instead, you're greeted with an empty view and a console error. What's going on?

Photo by Merakist on Unsplash
SEO.NETOptimizely

SEO redirects in .NET + Optimizely

Nice and easy way to add necessary SEO redirects

Magnifying glass
OptimizelySearchAutocomplete

Optimizely Autocomplete (Statistics)

A user starts typing in the search input, and it returns suggestions for phrases they might be searching for. How to achieve this?

Colorful lego bricks
.NETOptimizelyWeb DevelopmentDesign Patterns

Global Components Builders

Implementing global common components every site consists of

Have a question?

Don't hesitate, and send me an email

smutek.damian95@gmail.com