Closed andreasotto closed 3 years ago
I assume that you mean, for example, being able to see the Contacts/Calendar page while not even logged in?
The thing here is that the all admin pages are loaded and do not really require any information from the API (hence they do not "fail"). This issue also happens on the project I've forked this from. While I'll take a look at that, feel free to submit a similar issue on the original project: https://github.com/mail-in-a-box/mailinabox
For the operating system information, you're probably correct - I might aswell get rid of it in the next release.
I've pushed a commit that hides the distro information - it will be live in the next release (hopefully as soon as I finish this other feature).
For the rest, I can file an issue on the upstream repository for you (or you can do that yourself if you prefer)
Live on v0.52.POWER.1 - for the remainder of the issue, please file it on https://github.com/mail-in-a-box/mailinabox instead. Thank you! :D
0.52.0:
The main menu is visible and reveals the complete menu structure (and thus all functions) even though the user is not logged in.
In addition, the operating system information including the version number is disclosed on the login page. This is information that is not relevant to anyone outside and that should not be disclosed at all, at least not by default.