Should access to safe mode be default off for non-staff users?

Shocked too find out that anon users can use safe mode without any problems… thus bypassing loads of custom CSS, hidden elements and bypassing any plugin customizations… :thinking:

Shouldn’t this be an admin-only feature? I see no legitimate reason why a regular user should be able to disable things the admin has set-up for his visitors.

1 Like

You can disable it for users by toggling off enable safe mode, if that helps?

4 Likes

That is the solution (however I would kinda expect this to be off by default?) - Thanks!

3 Likes

Disabling it for all non-staff though makes it far harder to deal with an issue that crops up and prevents login. It’s great if it’s admin (or staff) only, but what happens when something goes wrong and you’re not already logged in?

(Just thinking out loud)

2 Likes

This situation actually crossed my mind, then I started thinking: when did I ever need to go into safe mode without being logged in?

Usually when I need safe-mode it’s because 2 seconds ago I made edited/enabled some theme/component - I can’t remember myself ever needing safemode when I am not logged in.

And isn’t there a way to manipulate any setting in app.yml, similar to how we enable hidden settings?

2 Likes

When the site is broken even when you are not staff, it can be helpful to be able to use safe mode. Otherwise, you cannot visit /about to contact the admin about the issue.

I was very happy in February that there was a safe mode for users because it was the only way for me to use the site. While users with Safari had no problems at all. So maybe admins wouldn’t have noticed the problem.

2 Likes

I’m a safe mode disabler-for-anon type of admin myself lol. and I personally think it should be default staff-only.

4 Likes

does this cause any problems in practice? I can do mostly the same things in the browser console too

4 Likes

not sure, I would say that safe mode is definitely giving an more easier option to bypass certain things;

  • e.g. bypassing Gated Topics is a lot easier with safe mode then editing the CSS in devtools - for this specific component it actually requires quite some edits to get the “normal” experience.
  • certain hidden elements could be revealed, that otherwise would never get reverse-engineered?

Obviously this is not something that I would be aware of, since I don’t expect an abuser to actually report his “bypass” method.

1 Like

What about adding a setting that only Staff can login when site is in safe mode? Users should still be able to access viewing About pages and public areas.

1 Like