
Question on the Abp/ApplicationConfigurationScript endpoint #5516


balessi75 created

ABP Commercial 7.2.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

When hosting an ABP application (Blazor Server), the Abp/ApplicationConfigurationScript endpoint appears to be publicly available, even for users that are not logged in (authenticated).

There is information here that an attacker could potentially exploit.

Please advise if we are misunderstanding something and/or if there are any recommendations in this matter.

Thanks in advance,

Brian


1 Answer(s)
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Yes, this is a public endpoint, but it is safe. If the user is not logged in, there will be no sensitive information.

Made with ❤️ on ABP v10.0.0-preview. Updated on September 16, 2025, 10:35