lemmy-ui icon indicating copy to clipboard operation
lemmy-ui copied to clipboard

Published 20 hours ago verified publisher icon LemmyNet

Setup page is publicly available after instance created

Open Nutomic opened this issue 2 years ago • 1 comments

It can only be used to create normal user accounts, but the route should still be disabled.

https://lemmy.ml/setup

https://ds9.lemmy.ml/setup

via https://lemmy.ml/post/717182/comment/373149

Nutomic avatar Jan 20 '23 03:01 Nutomic

Same for /settings.

Even though the site is available, you can't really create a new admin, it just shows a spinner indefinitely.

"Fixed" with nginx rule:

    location /setup {
        deny all;
        return 403;
    }

Ideally /setup would just return 403 or 404 when there's a user with an admin ID already.

heylix avatar Jun 13 '23 20:06 heylix