Lack of authentication to view project settings

Question

Lack of authentication to view project settings

IThundxr opened this issue 2 months ago · comments

Describe the bug

modrinth.com//settings/* pages lack authentication/authentication redirection when accessing them from the link directly

Steps to reproduce

visit https://modrinth.com/mod/numismatics/settings/members and be able to see all the members, alongside other info that should be gated behind logging in

Expected behavior

Redirect to login page requesting login before being able to view project settings

Additional context

No response

Prospector · Answer 1 · Sat Apr 20 2024 10:32:57 GMT+0800 (China Standard Time)

Any sensitive information is behind authentication on the backend. There's not really much of a reason to block people from seeing these pages, there is no way to access them through the UI.

IThundxr · Answer 2 · Fri Apr 26 2024 04:04:11 GMT+0800 (China Standard Time)

I guess yeah