search

modrinth / code

The Modrinth monorepo containing all code which powers Modrinth!
https://modrinth.com
Other
984 stars 187 forks source link

Normally Private Screens Show (/mod/<modid>/moderation, /mod/<modid>/settings/analytics) #2904

Open sylv256 opened 2 weeks ago

sylv256 commented 2 weeks ago

Please confirm the following.

What browsers are you seeing the problem on?

Firefox

Describe the bug

No response

Steps to reproduce

  1. Add /settings/analytics or /moderation to the end of a mod URL.
  2. You will not see any private information.

Expected behavior

You should not see this page. That is to say, the server should send a 403 page.

Additional context

No response

Prospector commented 1 week ago

Is not really an issue, there is no way to navigate to these pages naturally

sylv256 commented 6 days ago

Yes, but most websites show a 403 Forbidden page to indicate to the user that they shouldn't be there. This is especially useful when the user is logged out but tries to load these pages.