On localhost I can load the avatar images of all students or companies. This also works if I'm not logged in.
Is it intended that these images are publicly accessible? In my opinion, at least the student images should be blocked when the user is not logged in.
Example: https://development-matchd-backend.joshmartin.ch/attachment/50/avatar/