
Question on the Abp/ApplicationConfigurationScript endpoint #5516


balessi75 created

ABP Commercial 7.2.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

When hosting an ABP application (Blazor Server), the Abp/ApplicationConfigurationScript endpoint appears to be publicly available, even for users that are not logged in (authenticated).

There is information here that an attacker could potentially exploit.

Please advise if we are misunderstanding something and/or if there are any recommendations in this matter.

Thanks in advance,

Brian


1 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Yes, this is a public endpoint, but it is safe. If the user is not logged in, there will be no sensitive information.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15