:warning: Starting to work on this issue? Please indicate it in a comment below to prevent many people working on same stuff at the same moment. Thanks.
Currently, if someone knows the auth provider (e.g. GitHub, Facebook or Twitter) and the unique identifier of a contributor, s·he can rebuild the route to see the contribution.
When the contribution is anonymous page to contribution {locale}/contribution/{authoProviderId}/{identifier} must return a 404 HTTP code to every user but the contributor and admins.
Currently, if someone knows the auth provider (e.g. GitHub, Facebook or Twitter) and the unique identifier of a contributor, s·he can rebuild the route to see the contribution.
When the contribution is anonymous page to contribution
{locale}/contribution/{authoProviderId}/{identifier}
must return a 404 HTTP code to every user but the contributor and admins.