SECURITY: Restrict message-bus access on login_required sites

2019-08-13 14:44:22 +01:00
parent 888b635cfc
commit 92f2202e4a
3 changed files with 42 additions and 0 deletions
@@ -34,6 +34,12 @@ export default {

    // we do not want to start anything till document is complete
    messageBus.stop();
+
+    if (siteSettings.login_required && !user) {
+      // Endpoint is not available in this case, so don't try
+      return;
+    }
+
    // jQuery ready is called on "interactive" we want "complete"
    // Possibly change to document.addEventListener('readystatechange',...
    // but would only stop a handful of interval, message bus being delayed by