@mattab opened this Issue on October 11th 2018 Member

For users using Nginx or when .htaccess is disabled, it may be possible to guess the filenames and access HTML/PDF report data.

To prevent this issue we could for example introduce a random string in the filename, which would be removed when the file is being downloaded via the API.

This should not impact most users as they would use apache with .htaccess support, which would prevent direct file access.

This Issue was closed on November 29th 2018
Powered by GitHub Issue Mirror