OK, thanks all. So...
Two new options then:
1. Add the catch-all view to admin to stop the unauthenticated probing, as
per the Security Teams initial idea, but not the AdminSite.append_slash
option.
2. Don't even add the catch-all, and close the ticket as wontfix.
A site concerned here stil
I wouldn't object to a wontfix. It seems like we've already spent a lot of
effort here for little benefit, if any.
On Thursday, January 7, 2021 at 8:16:57 AM UTC-5 carlton...@gmail.com wrote:
> OK, thanks all. So...
>
> Two new options then:
>
> 1. Add the catch-all view to admin to stop the un
On Thursday, January 7, 2021 at 2:16:57 PM UTC+1 carlton...@gmail.com wrote:
> 1. Add the catch-all view to admin to stop the unauthenticated probing, as
> per the Security Teams initial idea, but not the AdminSite.append_slash
> option.
> 2. Don't even add the catch-all, and close the ticket
