Images in posts are publicly accessible even when the post is accessible to paid-members or members only or when the site is private #11627
Labels
support request
[triage] A support request that belongs on the forum https://forum.ghost.org/c/help
Welcome to Ghost's GitHub repo! 👋🎉
We use GitHub only for bug reports 🐛
Anything else should be posted to https://forum.ghost.org 👫
🚨For support, help & questions use https://forum.ghost.org/c/help
💡For feature requests & ideas you can post and vote on https://forum.ghost.org/c/Ideas
If your issue is with Ghost CLI, please report it on the CLI repo ➡️ https://github.com/TryGhost/Ghost-CLI/issues/new.
Issue Summary
If an image in a post is accessible to members or paid-members only, the image is still available at the link (e.g., https://domain.tld/content/images/path/to/image).
To Reproduce
Also:
Repeat the steps with the site private
Any other info e.g. Why do you consider this to be a bug? What did you expect to happen instead?
This means that non-members and non-paid-members can access restricted content. This is bad for publishers whose content is photographs. It also gives site owners who use the site password feature to protect all their content with a false sense of security.
Technical details:
The text was updated successfully, but these errors were encountered: