[BUG] Unauthorized user can access /conf.yml

[Towerism]

Environment

Self-Hosted (Docker)

System

Chrome 124.0.6367.201, Debian GNU/Linux 12 (bookworm), Docker 20.10.24+dfsg1 build 297e128

Version

3.1.0

Describe the problem

First of all, thanks for creating this product. It's a beautiful, easy to configure, easy to use dashboard that has made it a pleasure to organize my home network.

Now onto to the bug.

With the following settings:

appConfig.disableConfigurationForNonAdmin: true
appConfig.auth.enableGuestAccess: false

an unauthorized user can access /conf.yml and view the entire config. This seems like a security flaw. Unauthorized users should be denied access to /conf.yml.

Additional info

No response

Please tick the boxes

• You have explained the issue clearly, and included all relevant info
• You are using a supported version of Dashy
• You've checked that this issue hasn't already been raised
• You've checked the docs and troubleshooting guide
• You agree to the code of conduct

[CrazyWolf13]

Closed as duplicate of #668

Please look into the docs before creating a new issue; https://dashy.to/docs/authentication

It's explained here.
Also you can find a resolution, for example by adding http basic auth.

Also look at this:
#1579 (comment)