Hi,
I'm sure this isn't any kind of error, but I was surprised to see a login form get displayed when I access the following URLs in Omeka when I'm not logged into the admin section:
/files
/plugins
/themes
Does anyone know why the login form displays in this situation and is there a way to stop it from happening?
When I'm logged in and go to one of these URLs I get a 404 error, which is what I was expecting to happen in the first place. I would prefer this to happen when I'm not logged in as well.
Thanks for your help.
You're seeing that because /files, /plugins, and /themes are actually controllers/routes that exist, so Omeka's denying you access immediately based on the access control rules, before moving on to find that they don't exist. It's the same as going to, say /settings.
The fact that those are folders too really doesn't matter.
Thanks for your help, John.
OK, I understand what's happening now, but is there an easy way to stop the login form being displayed in this situation and to prevent users from logging in via this way at all? Just displaying a 404 or even a blank page instead would be fine.
I only want users to be able to login via /admin/users/login and not in any other way.