Closed ksh7 closed 2 years ago
This should be a non-issue as it has security through obscurity (as in, someone would need to guess the link of your new post and append ?preview=true
to it in order to view your unpublished post). The current sharable link is useful as I can send my draft to friends for proofreading before making it public, and I don't want them to introduce the friction of a sign-in to do so.
In a nutshell, this is a feature not a bug ;)
Maybe this should be specified in the documentation then :+1: OP in this issue may have not asked if they knew they could have unlisted articles in their blog.
How to reproduce:
?preview=true
at the end, and you can see all content.Ideally, unpublished posts should never be visible if a user is not logged in and should throw a 404 error, as they do without
?preview=true
.@HermanMartinus I can fix and send a PR if it's not already planned by you.