Details
Suggestion
Resolution: Unresolved
Description
Summary
As of now, an unauthenticated user (Confluence/Jira) is able to access the XML content of a gadget by accessing the gadget URL, for example:
- <Confluence/Jira Base URL>/rest/gadgets/1.0/g/com.atlassian.streams.confluence:activitystream-gadget/gadgets/conf-activitystream-gadget.xml
- <Confluence/Jira Base URL>/rest/gadgets/1.0/g/com.atlassian.jira.gadgets:filter-results-gadget/gadgets/filter-results-gadget.xml
Suggestion
Add a rule/permission to allow only authenticated users to access the XML content of the gadget by accessing the Gadget URL.
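
A regression check for the behaviour described above, added here as an example (it is not Atlassian's code): it requests the two gadget URLs from this ticket without credentials and reports whether gadget XML comes back. The base URL is supplied by the operator; treating any 3xx as a login redirect and `Module` as the gadget spec root element are assumptions of this example.

```python
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Gadget spec paths quoted in this ticket.
GADGET_PATHS = [
    "/rest/gadgets/1.0/g/com.atlassian.streams.confluence:activitystream-gadget/gadgets/conf-activitystream-gadget.xml",
    "/rest/gadgets/1.0/g/com.atlassian.jira.gadgets:filter-results-gadget/gadgets/filter-results-gadget.xml",
]
# Constructed sample body, used only to exercise classify() offline.
SAMPLE_GADGET = b'<?xml version="1.0" encoding="UTF-8"?><Module><ModulePrefs title="constructed"/></Module>'

def classify(status, body=b""):
    """Classify the response to a request sent with no cookies or credentials."""
    if status in (401, 403) or 300 <= status < 400:
        return "protected"      # assumption: a 3xx here is a redirect to login
    if status != 200:
        return "inconclusive"
    if b"<!DOCTYPE" in body[:1024].upper():
        return "inconclusive"   # HTML page, or a DTD we refuse to parse
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "inconclusive"
    # Strip any XML namespace before comparing the root element name.
    return "exposed" if root.tag.rsplit("}", 1)[-1] == "Module" else "inconclusive"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None             # surface the 3xx as HTTPError, do not follow it

def check(base_url, timeout=10):
    """Request each gadget URL anonymously and classify the result."""
    opener = urllib.request.build_opener(_NoRedirect)
    results = {}
    for path in GADGET_PATHS:
        try:
            with opener.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
                status, body = resp.status, resp.read(1 << 20)
        except urllib.error.HTTPError as err:
            status, body = err.code, b""
        results[path] = classify(status, body)
    return results

if __name__ == "__main__" and len(sys.argv) == 2:
    for path, verdict in check(sys.argv[1]).items():
        print(f"{verdict:13} {path}")
```

Run it with the instance's base URL as the only argument; an `exposed` verdict means the gadget XML was served to an anonymous request.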