-
-
Notifications
You must be signed in to change notification settings - Fork 145
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable viewing /about if not admin #303
Comments
Currently the |
also Environment is better that is reserved to admins: it allows discovering data about runtime (bug) to standard users (that do not need this kind of information) |
The purpose of those blocks is to easy debugging information collect, so I don't want to totally remove them. As 2FAuth is now multi-user, I agree they could be restricted to administrators. I think I will move the Environment block, as well as the Admin block, to the new admin section I'm working on. I already made the User preferences block visible in this admin section so the About page could be cleared as you suggest indeed. |
Is your feature request related to a problem? Please describe.
Yes, it is a security risk having the about view displaying all the app information on a production server
Describe the solution you'd like
The /about view should only be visible by admins and when the app is in debug mode.
The text was updated successfully, but these errors were encountered: