Open ghost opened 2 years ago
Which is strange as looking at the code here, I don't see how this happens.
Indeed the code should not allow this url. The only explaination I see is that maybe this url is declared before my plugin control which URL is allowed or not. You can check with the calendar dev team or on the forum.
This is because of these kinds of errors that I have switched to a discourse forum. My needs was to have a private forum and as you can see this plugin seems not enough even if a nodebb dev helped me on their forum.
I'll see if I can figure it out.
You can start the forum in dev mode and see if the request for calendar is serve before this plugin in invoked.
Hello, can you try again with the latest version 1.3.0?
Yes, today. Sorry for the delay, I haven't had time recently.
This one is still present in the recent version, I will check the order plugins are loading as soon as I can. Might not be for a couple days though.
Also can you describe what is publicly visible? I tried the calendar plugin (that is using an old nodebb code) and did not understand what was not protected.
Just the calendar page itself, I assumed it would redirect to the login page.
You can see at https://lavender.colloquy.ca/calendar
Quick update, I verified with a test event that the events are publicly visible as well.
I also installed the module and tried to update my plugin to catch the calendar loading event, and did not succeed for now.
When using this plugin with the calendar plugin, the route
/calendar
is unprotected allowing unregistered/guest visitors access.