Favourites RSS feed is public, is that normal ?
-
Hello !
I see that anyone can access the favourites by reading the RSS feed of a member, okay the link isn’t displayed, but anyone can access to */rss/profile/{USERNAME} .
I think it will be better if BBPress requires a unique key to be sent as an argument to identify the user and prevent others from reading his feed, so it will be like */rss/profile/{USERNAME}?key={THEKEY} or something similar .
- You must be logged in to reply to this topic.
