Why am I able to access the images by URL in the the SiteCollectionImages document library in a standard SharePoint 2013 publishing site when I am not authenticated?
Scenario : user is not authenticated and accesses:
- http://sitecollection/publishingsite/SiteCollectionImages/image1.png -> works, the image is displayed
- http://sitecollection/publishingsite/SiteCollectionImages/ -> correctly redirects to the authentication page.
Note: There is no anonymous authentication enabled at all. There is no blob cache enabled.
In the ULS log, it looks like SharePoint is aware that the request is not authenticated, but goes ahead and serves the file anyway.
What can I do to stop images being served when accessed by the full URL?
0 commentaires:
Enregistrer un commentaire