Shocked too find out that anon users can use safe mode without any problems… thus bypassing loads of custom CSS, hidden elements and bypassing any plugin customizations… 
Shouldn’t this be an admin-only feature? I see no legitimate reason why a regular user should be able to disable things the admin has set-up for his visitors.
You can disable it for users by toggling off enable safe mode, if that helps?
That is the solution (however I would kinda expect this to be off by default?) - Thanks!
Disabling it for all non-staff though makes it far harder to deal with an issue that crops up and prevents login. It’s great if it’s admin (or staff) only, but what happens when something goes wrong and you’re not already logged in?
(Just thinking out loud)
This situation actually crossed my mind, then I started thinking: when did I ever need to go into safe mode without being logged in?
Usually when I need safe-mode it’s because 2 seconds ago I made edited/enabled some theme/component - I can’t remember myself ever needing safemode when I am not logged in.
And isn’t there a way to manipulate any setting in app.yml, similar to how we enable hidden settings?
When the site is broken even when you are not staff, it can be helpful to be able to use safe mode. Otherwise, you cannot visit /about to contact the admin about the issue.
I was very happy in February that there was a safe mode for users because it was the only way for me to use the site. While users with Safari had no problems at all. So maybe admins wouldn’t have noticed the problem.
I’m a safe mode disabler-for-anon type of admin myself lol. and I personally think it should be default staff-only.
does this cause any problems in practice? I can do mostly the same things in the browser console too
not sure, I would say that safe mode is definitely giving an more easier option to bypass certain things;
Obviously this is not something that I would be aware of, since I don’t expect an abuser to actually report his “bypass” method.
What about adding a setting that only Staff can login when site is in safe mode? Users should still be able to access viewing About pages and public areas.