Reproduce:
Expected results:
Actual results:
Is there no fix for this bug yet?
I think the fix is to make the category not restricted.
Else I’m not seeing the use case for someone wanting to view a topic in RSS format while they’re logged into the forum and can see it as a page.
And if the category is restricted, letting it be an RSS feed external to the forum would defeat the intent of it being restricted, no?
What am I not seeing here?
Well, we have a chat too and a private channel for our team. It will be great if we can use rss to add automatically (via bot) new topics or posts from our restricted categories to our private channel, like we used to do for all the other (public) categories and the community channels.
Was this fixed here already @tgxworld?
https://github.com/discourse/discourse/commit/bc4087b9bb32c9b45ec3b41f9f60e0f36191b033
Ooh, that’s a data leak. I don’t think the category description for restricted categories is supposed to be public.
You’d have to utilize an API Key to get that to show anything right? (assuming that is supported)
So @Trash, if you have a user who has access to the restricted category and is assigned an API key, see if appending the api_username and api_key to the URL makes it return data.
Edit: I just tried passing an API username and key to a restricted category for an RSS feed and didn’t get the data, so it seems the RSS implementation isn’t looking for a key for validation. But the category json does return the detail.
Don’t think so. That fix was for RSS poll feed.
We are looking good these days.
To add here a bit we also support user api keys and scoped api keys that can unlock secret rss integrations.
