Lack of authentication to view project settings
IThundxr opened this issue · comments
IThundxr commented
Describe the bug
modrinth.com//settings/* pages lack authentication/authentication redirection when accessing them from the link directly
Steps to reproduce
- visit https://modrinth.com/mod/numismatics/settings/members and be able to see all the members, alongside other info that should be gated behind logging in
Expected behavior
Redirect to login page requesting login before being able to view project settings
Additional context
No response
Prospector commented
Any sensitive information is behind authentication on the backend. There's not really much of a reason to block people from seeing these pages, there is no way to access them through the UI.
IThundxr commented
I guess yeah