System Information
- Strapi Version: 5.1.0
- Operating System: Windows
- Database: mysql
- Node Version:
- NPM Version:
- Yarn Version:
Hi,
I found that I can access files under uploads through URLs without logging in. For example, I can directly display or download files through URLs such as
“http://127.0.0.1:1337/uploads/thumbnail_9797e23a9d524e4497fb1d13c4933569_ae7ebcac19.jpeg”.
This may bring security risks. How can I prevent public users from accessing files in the specified directory like uploads/secret?
