Issue
-
The line below can be found on pages where guest users should not see confidential data.
getSiteAdminURL: function() { return '<domainname>/group/guest/~/control_panel/manage?p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view'; },
Environment
- DXP 7.4+
Resolution
- This is the expected behavior.
- Liferay mitigates access to this URL via its permissions framework; if this URL is requested from the server without the necessary credentials, the requester would receive a 404 page or a login page (depending on security settings).
Subscriber Exclusive Content
A Liferay Enterprise Subscription provides access to over 1,500 articles that include best practices, troubleshooting, and other valuable solutions. Sign in for full access.
Sign In