Closed
Description
Description
Hello there,
we have a gitea instance hosted to which we enabled the following in the app.ini:
[service]
REQUIRE_SIGNIN_VIEW = true
This setting is supposed to make access to the instance non public, i. e. even with public repositories, you can only see them after you signed in.
The new package repository feature introduced in 1.7.0 does not honor this setting - all packages hosted on a public repository on a view protected instance can be downloaded without signing in.
(I can't reproduce on demo site as I have no possibility to make changes to its configuration)
Gitea Version
1.7.0
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
2.7.4
Operating System
Ubuntu 20.04
How are you running Gitea?
Used the precompiled version from the releases page.
Database
MySQL