Bug Fixes
- Prevent PRIVATE_LINK token leak in landing page lookup (#44)
- The
lookupUseraction previously retrieved or generated the secret share token and redirected unauthenticated visitors directly to the token URL, defeating PRIVATE_LINK mode by exposing the token to anyone who knew a username - Access control is now fully delegated to the wrapped page's
checkWrappedAccess, which correctly denies access when no token is present in the URL
- The
Full Changelog: 0.1.9...0.1.10