Page MenuHomePhabricator

Browsing directly to an application seems to bypass authentication
Closed, DuplicatePublic


Browsing to the root of my phabricator install demands that I log in to proceed further. However, if I brows to particular applications, e.g.:


appears to bypass the requirement that I log in.

Event Timeline

wotte raised the priority of this task from to Needs Triage.
wotte updated the task description. (Show Details)
wotte added a project: Phabricator.
wotte added a subscriber: wotte.

This isn't a bug, there's just no logged-out/public view for the home page right now. See T3979.

If you don't want users to access applications without logging in, disable policy.allow-public. The documentation for the setting is (hopefully) clear about what this setting does:

Phabricator allows you to set the visibility of objects (like repositories and tasks) to 'Public', which means anyone on the internet can see them, without needing to log in or have an account.

This is intended for open source projects. Many installs will never want to make anything public, so this policy is disabled by default. You can enable it here, which will let you set the policy for objects to 'Public'.

Enabling this setting will immediately open up some features, like the user directory. Anyone on the internet will be able to access these features.

Does that make sense, or am I misunderstanding? I'll merge this into T3979 if it's just a confusion issue over the lack of a logged-out view for the homepage.

wotte claimed this task.

Aha, yes - this is a confusion issue - I don't recall setting that particular attribute, but may have whilst digging around in the settings. Sorry for the trouble.

epriestley changed the task status from Invalid to Duplicate.Dec 5 2013, 2:40 AM

✘ Merged into T3979.