[GeoNode-devel] Sitemap.xml lists restricted resources
Jonathan Doig
j.doig at unsw.edu.au
Sun Aug 13 18:29:06 PDT 2017
Hi Devs
Is anyone able to help with this security issue #3190<https://github.com/GeoNode/geonode/issues/3190>?
Also the related issue #1726<https://github.com/GeoNode/geonode/issues/1726>, Metadata for private layers should be consistent with layer permissions.
Have these been addressed in security improvements since 2.4?
Regards
Jonathan
From: geonode-devel [mailto:geonode-devel-bounces at lists.osgeo.org] On Behalf Of Jonathan Doig
Sent: Wednesday, 2 August 2017 1:40 PM
To: geonode-devel <geonode-devel at lists.osgeo.org>
Subject: [GeoNode-devel] Sitemap.xml lists restricted resources
Hi devs
The sitemap.xml file used by Google and other search engines should only list publicly accessible resources. Instead it lists all resources regardless of the permissions set in Geonode.
E.g. demo.geonode.org/sitemap.xml<http://demo.geonode.org/sitemap.xml> lists three restricted layers not visible in demo.geonode.org/api/layers<http://demo.geonode.org/api/layers>:
* edificios_de_gobierno<http://demo.geonode.org/layers/geonode%3Aedificios_de_gobierno>
* lc80420352015002lgn00_b4<http://demo.geonode.org/layers/geonode%3Alc80420352015002lgn00_b4>
* san_juan<http://demo.geonode.org/layers/geonode%3Asan_juan>
I've raised this as issue #3190<https://github.com/GeoNode/geonode/issues/3190>.
Regards
Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20170814/1eba0aa9/attachment.html>
More information about the geonode-devel
mailing list