[GeoNode-devel] Sitemap.xml lists restricted resources

Jonathan Doig j.doig at unsw.edu.au
Sun Aug 13 18:29:06 PDT 2017

Hi Devs

Is anyone able to help with this security issue #3190<https://github.com/GeoNode/geonode/issues/3190>?

Also the related issue #1726<https://github.com/GeoNode/geonode/issues/1726>, Metadata for private layers should be consistent with layer permissions.

Have these been addressed in security improvements since 2.4?


From: geonode-devel [mailto:geonode-devel-bounces at lists.osgeo.org] On Behalf Of Jonathan Doig
Sent: Wednesday, 2 August 2017 1:40 PM
To: geonode-devel <geonode-devel at lists.osgeo.org>
Subject: [GeoNode-devel] Sitemap.xml lists restricted resources

Hi devs

The sitemap.xml file used by Google and other search engines should only list publicly accessible resources. Instead it lists all resources regardless of the permissions set in Geonode.

E.g. demo.geonode.org/sitemap.xml<http://demo.geonode.org/sitemap.xml> lists three restricted layers not visible in demo.geonode.org/api/layers<http://demo.geonode.org/api/layers>:

  *   edificios_de_gobierno<http://demo.geonode.org/layers/geonode%3Aedificios_de_gobierno>
  *   lc80420352015002lgn00_b4<http://demo.geonode.org/layers/geonode%3Alc80420352015002lgn00_b4>
  *   san_juan<http://demo.geonode.org/layers/geonode%3Asan_juan>
I've raised this as issue #3190<https://github.com/GeoNode/geonode/issues/3190>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20170814/1eba0aa9/attachment.html>

More information about the geonode-devel mailing list