balessi75 created
ABP Commercial 7.2.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme
When hosting an ABP application (Blazor Server), the Abp/ApplicationConfigurationScript endpoint appears to be publicly available, even for users that are not logged in (authenticated).
There is information here that an attacker could potentially exploit.
Please advise if we are misunderstanding something and/or if there are any recommendations in this matter.
Thanks in advance,
Brian
1 Answer(s)
Hi,
Yes, this is a public endpoint, but it is safe. If the user is not logged in, there will be no sensitive information.
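One way to review what the anonymous response of your own deployment exposes, as an added example that is not part of this thread or of ABP's code. It assumes the endpoint body wraps a JSON object passed to `abp`; the field names (`currentUser.isAuthenticated`, `auth.grantedPolicies`, `setting.values`), the key-name heuristic, and the embedded sample are assumptions constructed for illustration.

```python
import json
import re

# Key-name fragments that usually indicate a secret (heuristic chosen for this example).
SENSITIVE = re.compile(r"password|secret|connectionstring|apikey|token|privatekey", re.I)

# Constructed sample of an anonymous response body; the wrapper and the field
# names are assumptions, not captured from a real deployment.
SAMPLE = """(function(){
$.extend(true, abp, {"currentUser":{"isAuthenticated":false,"userName":null},
"auth":{"grantedPolicies":{}},
"setting":{"values":{"Abp.Localization.DefaultLanguage":"en",
"Demo.Smtp.Password":"example-value"}}})
})();"""

def extract_config(body):
    """Decode the JSON object embedded in the script, or the body itself if it is pure JSON."""
    marker = body.find("abp,")
    start = body.index("{", marker + 4 if marker != -1 else 0)
    obj, _ = json.JSONDecoder().raw_decode(body, start)
    return obj

def walk(node, path=""):
    """Yield (path, value) for every leaf; '/' separates levels because setting names contain dots."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}/{i}")
    else:
        yield path, node

def audit(body):
    """Return findings worth a manual review in a response fetched without credentials."""
    cfg = extract_config(body)
    findings = []
    if cfg.get("currentUser", {}).get("isAuthenticated"):
        findings.append("response was generated for an authenticated user")
    if cfg.get("auth", {}).get("grantedPolicies"):
        findings.append("policies are granted to the anonymous user")
    for path, value in walk(cfg):
        if SENSITIVE.search(path) and value not in (None, "", False):
            findings.append(f"sensitive-looking key with a value: {path}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To use it on a real application, save the body returned by the endpoint without a session cookie and pass that text to `audit()`.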