Unpublished post's draft preview is visible publically

[ksh7]

How to reproduce:

1. Write a post and hit "Save as Draft" and then you can obviously view your draft.
2. Logout or go to a private tab and paste your unpublished post link's with ?preview=true at the end, and you can see all content.

Ideally, unpublished posts should never be visible if a user is not logged in and should throw a 404 error, as they do without ?preview=true.

@HermanMartinus I can fix and send a PR if it's not already planned by you.

[HermanMartinus]

This should be a non-issue as it has security through obscurity (as in, someone would need to guess the link of your new post and append ?preview=true to it in order to view your unpublished post). The current sharable link is useful as I can send my draft to friends for proofreading before making it public, and I don't want them to introduce the friction of a sign-in to do so.

[HermanMartinus]

In a nutshell, this is a feature not a bug ;)

[Cwpute]

Maybe this should be specified in the documentation then :+1: OP in this issue may have not asked if they knew they could have unlisted articles in their blog.