Add access control to /filter/tips

Created on 25 June 2019, almost 6 years ago
Updated 1 March 2023, about 2 years ago

Problem/Motivation

The path /filter/tips is accessible to all the users, including anonymous users even if they do not have access to any input field. Though the path is excluded in ROBOTS.txt and is harmless, it doesn't appear to be serving any purpose to anyone who is not entitled to use a filter while it gets flagged in security reports for having inappropriate permissions.

Proposed resolution

In filter.routing.yml change _access for "Compose tips" to something that checks if the user has access to at least one of the filters.

📌 Task
Status

Active

Version

10.1

Component
Filter 

Last updated 4 days ago

No maintainer
Created by

🇦🇺Australia fotuzlab

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024