Shared Links #1749

Closed
opened 2020-10-13 08:24:54 +00:00 by Rustymage · 1 comment

Found what I think is a bug or at least unexpected behaviour.

Firstly, when sharing links the link is malformed, I was given:

URL.comshare/LONGCODE/auth

Notice the trailing forward slash missing? Perhaps it's my setup so please correct me if it is.

Secondly, when amending the link (to include the forward slash) and heading to the site, I can change the redirected URL from list to edit and I can attempt to edit the list - although I'm not allowed and I get a 403 error.

https://URL/lists/26/list ---> https://URL/lists/26/edit

Is this intended?

Cheers.

Found what I think is a bug or at least unexpected behaviour. Firstly, when sharing links the link is malformed, I was given: `URL.comshare/LONGCODE/auth` Notice the trailing forward slash missing? Perhaps it's my setup so please correct me if it is. Secondly, when amending the link (to include the forward slash) and heading to the site, I can change the redirected URL from list to edit and I can attempt to edit the list - although I'm not allowed and I get a 403 error. https://URL/lists/26/list ---> https://URL/lists/26/edit Is this intended? Cheers.
Owner

The URL is built from the frontend URL you configured in the API config. Maybe you have a / missing there.

As you discovered, even though you can change the URL to the edit page you can't edit it - this is prevented on the API level. I figured it would be enough to hide all edit buttons and prevent editing on the API level therefore it is indeed intended behaviour.

(Off-Topic: For general questions, maybe consider using the forum so other users who have the same questions can find the answers more easily)

The URL is built from the frontend URL you configured in the API config. Maybe you have a / missing there. As you discovered, even though you can change the URL to the edit page you can't edit it - this is prevented on the API level. I figured it would be enough to hide all edit buttons and prevent editing on the API level therefore it is indeed intended behaviour. (Off-Topic: For general questions, maybe consider using [the forum](https://community.vikunja.io) so other users who have the same questions can find the answers more easily)
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/vikunja#1749
No description provided.