When sharing a dashboard with the public, we could use a sharing link in the following format:
https://servername.thinger.io/#!/dashboards/dashboard_id?authorization=xxxxxx
That will direct to the webpage with the selected dashboard.
If I only type in the server name: https://servername.thinger.io, it will direct me to the login page:
However, if I type in
https://servername.thinger.io/#!/, I will be redirected to the statistics page(
https://servername.thinger.io/#!/console/statistics )even without login
That’s not acceptable as we only want the public to see the dashboard and we don’t want anyone to access this page by any chance.
Is there any way to fix this issue?
Did you type that in a private instance or another computer?
Obviously not
You only get directly to your own console, due to the cookies on your own system.
It’s probably not a cookie-related problem. I got the report from one of my colleague who doesn’t have an account on my private instance, and I tested it on the incognito mode using google chrome. Both of them has the same problem. When we include /#!/ after the domain, it will be automatically redirected to the statistic page. Although they might not see the details of my server, such as how many devices or buckets we have, but they can see the name of the administrator and some other information on this page.
Hi, this does not exposes any information from your account. If you go over any of the pages on the console you will see that everything provides you a forbidden. Even the statistics web is not reporting any kind of information from your account (everything is to 0). So, the user is looking at the console, but its authorization does not grant any access on it.
Yes, most of the things are unavailable except the name of the administrator on the top right of the page. Is there any way to get rid of that so that it won’t jump to that page?
Now this bug will happen if we first open the dashboard link and then open https://servername.thinger.io/#!/.
