What feature or change would you like to see made?

When viewing the page code https://viewer.ohif.org, the “Request URL” is displayed, which is written in the configuration file “https://d33do7qe4w26qo.cloudfront.net/dicomweb/studies...”. When you go to the direct address https://d33do7qe4w26qo.cloudfront.net/dicomweb/studies, some data is displayed in JSON format. But access to an address with a "/" at the end is successfully limited. In my case, access to the addresses "example.com/rs/studies/", "example.com/rs/studies", "example.com/rs/patients" is not limited in any way. Tell me how you can restrict access to these addresses to third parties?

Why should we prioritize this feature?

impact on safety

that is a server issue not a front end, you should put auth in front of that url, and ohif should provide tokens so that it can pass, take a look at authservice