System Information
- Strapi Version: 4.25.2
- Operating System: Mac OSX (latest)
- Database: Postgres
- Node Version: v20.0.0
- NPM Version: 9.6.4
- Yarn Version:
I log in as a Super Admin. Then I log in with an Editor user who has restricted access to certain content-types. On login and clicking through to the content manager, I can still see the content types the Super Admin has access to. If I refresh the page manually, the user role restrictions for the content-types are applied.
In the console I can see attempts to access the forbidden content types, and then a few 403s, then it manually refreshes the page, but this is not acceptable functionality.
I tried this on a clean version of Strapi to test if this was because of code or alterations I’d made - sadly no.
Has anyone else seen this issue? It seems like a significant front-end security issue in Strapi.
Any help would be much appreciated.
Kind regards,
ged12345