Describe the bug
If a user setup a clone of the journal for testing purposes, using another domain, the behavior of the staging server/plugin seems to be a little permissive/undefined, as it ends up overwriting the backend information with the data from the test domain.
Following the same idea, it might probably be also willing to ingest undesired/test content.
To Reproduce
Spin up a clone of the journal in another domain, and once it tries to contact the staging server, it will end up overwriting the information in the administrative panel (e.g. journal's URL).
Notes
We can detect URL changes, but it's not up to us to say which one refers to the production journal.
In order to ensure a journal administrator has control over the journal we might send a "beacon" to it from the PKP staging server (something similar to the way Google validates your login by asking permission from another device), just always good to ensure this can't be abused.
Overwriting the main host must be an incisive action (e.g. "The PKP PN already know about your journal, but under a different URL, would you like to update it to use the URL xyz?")
The plugin could offer an option to disable itself, once the user flagged the journal is using a test domain.
Given that users might clone a journal instead of creating a new instance from zero, perhaps it's useful to offer an option to also reset the PKP PN GUID
Check if it makes sense to have a list of acceptable URLs in the PKP PN backend (probably not)
Check if PKP PN backend is too permissive (accepts deposits from any domain), and make it stricter (once we assure the user has been using a newer plugin/protocol version)
It was agreed that we're going to synchronize the information with the staging server only when accepting the terms (this issue should be stated to the users).
Describe the bug If a user setup a clone of the journal for testing purposes, using another domain, the behavior of the staging server/plugin seems to be a little permissive/undefined, as it ends up overwriting the backend information with the data from the test domain. Following the same idea, it might probably be also willing to ingest undesired/test content.
To Reproduce Spin up a clone of the journal in another domain, and once it tries to contact the staging server, it will end up overwriting the information in the administrative panel (e.g. journal's URL).
Notes
What application are you using? OJS 3.3
Additional information https://forum.pkp.sfu.ca/t/problem-the-pkp-pln-does-not-know-about-this-journal-yet/72678/17