Unauthenticated Users are Able to Download the PDF Version of an Edition Using the URL

Overview

Under normal circumstances, only users that are logged into ODN can access any of its content or URLs, including the links to download the PDF version of an edition. However, It could be the case that you observe that an unauthenticated user is able to access one or more hyperlinks that should only be visible to logged-in users. This is not the intended behavior for the product.

Solution

If you observe this issue going forward, you should raise a ticket with Support, including the following information:

  • The URL(s) for which you have observed the issue.
  • Whether it affects all editions, or just a specific edition, which you would need to indicate. 
  • Whether it can be reproduced by all users, or specific user(s), which you would need to indicate.

<supportagent>

This issue was observed in the past and fixed by engineering in OLIVES-19792. If this issue reoccurs for the same or other elements in ODN, once you are able to replicate it, please consider whether it affects all ODN instances, or just a specific publication or edition:

</supportagent>

Testing

Once the issue is resolved, the element locked behind authentication should not be accessible for users who have not logged in as required.

Comments

0 comments

Please sign in to leave a comment.