Thanks. I am wondering if RSS feeds are displaying public accessible content only (content that can be reached when not logged in) ? So is it safe to share RSS feeds publicly ?
Yes, post security also works on RSS feeds, so users in their various states would only see posts that they can normally see when they visit the UI. Are you finding that this is not the case? You can test it to confirm.
Thanks. I did not test before asking.
Unlike some software currently in the news, the discourse api enforces the expected security on all routes.