[QUESTION] Make config.yml inaccessible from browser

[Grishkaone]

Question

Hello there !

I'm new to Dashy, and I love it. I'm testing the authentification system and something is annoying me.

I particularly like the authentication system and the ability to show or hide certain elements to guests or authenticated users.
For example, I can include a section with bookmarks to local IPs that I don't want displayed to just anyone, that's great.

But one detail bothers me: even if I decide to hide these sections, their content can still be easily consulted by a guest. Either from the main menu, by clicking on the name of the configuration file at the bottom of the popup, or by directly opening the address my.dashboard.com/config.yml.

Hiding or not hiding these elements is only aesthetic and does not protect them.

I've already added a bit of CSS to hide the link in the menu, but that doesn't solve everything.

I feel like I'm missing something: is there a way to make the contents of this file inaccessible to non-admin users and guests? Without cutting off the possibility of consulting/editing the configuration from the UI for an administrator.

Have a nice day !

Category

Authentication

Please tick the boxes

• You are using a supported version of Dashy (check the first two digits of the version number)
• You've checked that this question hasn't already been raised
• You've checked the docs and troubleshooting guide
• You agree to the code of conduct