meganw22 / service-savvy

Project Portfolio 4

Additional Testing for resubmission #13

Open meganw22 opened 1 month ago

meganw22 commented 1 month ago

Issue: Criteria 3.3 does not meet requirements.
Comments: Non logged in users can access restricted content and functionality either through on-screen elements or direct entry of the URL.
Remediation method: Add login requirements for all ticket URLs, which require a user to be logged in to access.

meganw22 commented 1 month ago

Sequentially, by clicking buttons to navigate through the website, unauthorised users were restricted to what they could view. However, ticket pages could be accessed by directly navigating to the URL. This has now been remediated by adding the @loginrequired decorator to all Ticket Views to ensure that the URLs cannot be accessed by unauthorised users.
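
The gap described in this issue, as an added example that is not part of the thread or the project's code: a framework-neutral Python model in which one ticket view relies on navigation hiding its link, plus a regression check that requests every non-public route anonymously and reports any that does not redirect to login. The route table, view names, `LOGIN_URL` and the `login_required` stand-in are all assumptions made for illustration.

```python
from functools import wraps

LOGIN_URL = "/accounts/login/"  # assumed login path, not taken from the project


def login_required(view):
    """Stand-in guard: redirect anonymous requests instead of running the view."""
    @wraps(view)
    def guarded(request):
        if not request.get("user"):
            return 302, f"{LOGIN_URL}?next={request['path']}"
        return view(request)
    return guarded


def home(request):             # public page, intentionally open
    return 200, "home"


def ticket_list(request):      # unguarded: only protected by a hidden nav link
    return 200, "all tickets"


@login_required
def ticket_detail(request):    # guarded at the view itself
    return 200, "ticket detail"


# Constructed route table; paths and view names are hypothetical.
ROUTES = {"/": home, "/tickets/": ticket_list, "/tickets/1/": ticket_detail}
PUBLIC = {"/"}


def get(path, user=None, routes=ROUTES):
    """Simulate entering a URL directly, bypassing on-screen navigation."""
    return routes[path]({"path": path, "user": user})


def unguarded_routes(routes, public):
    """Non-public paths that an anonymous request reaches without a redirect."""
    return sorted(p for p in routes
                  if p not in public and get(p, routes=routes)[0] != 302)


def harden(routes, public):
    """Apply the guard to every non-public view, as the remediation describes."""
    return {p: v if p in public else login_required(v) for p, v in routes.items()}
```

Running `unguarded_routes` over the real URL table in the test suite catches a new ticket view that ships without the guard.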