Template Links are accessible without access

Hi @Allan_Zimmermann, We have hosted the openflow locally. we were trying to fix some issues from the source code. During which we found that the Template Links are accessible without access. Please find the screenshots for your reference:

All other html files are also accessible like the above.

We have tried to fix it from the app.ts by adding resolve function to the user.html to navigate to the /main, it is restricting the user creation page by going to main, but we are not able to restrict from opening the html after or before login.

Could you please help us to fix it.

all static files are served using express static endpoint for max performance.

There is no sensitive data stored so I really don’t understand why you would want to “protect” those.
Also, accessing those files directly is not supported. So adding “break out code” that forces a user to be redirect when opening is a BAD idea. The angularjs view controller does not now how to handle that, and it does not solve’s a real issue trying to add that kind of functionality
Please elaborate on the reasoning for trying to add something like that. What is the goal or the issue you are trying to fix ?
Also, please keep in mind that license for openflow is a copyleft license, that means you must release you changes as opensource as well ( unless if you have special license from OpenIAP ApS that grants you permission to keep it closed source )

Thanks for the reply allan, we will definitely release, if we try to implement any new features.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.