1b.app
Link copied -

OneBox gives "out" transaction data for an unlogged user, an urgent fix is needed

When forwarding the URL to a OneBox CRM deal via messenger, we noticed that even if the user is not logged in, the deal page contains the deal data in the <title> and <description> tags. Those. our confidential data goes outside, and any competitor will be able to find all our counterparties by sorting through transaction IDs.
Fix this bug immediately!
Example: when you click on the link: https://*****.1b.app/872/, a page opens with a login form, where <title> and <description> contain transaction data (screenshot)
Original question is available on version: ru

Answers:

Good afternoon.
You can turn it off here https://appointer.1b.app/app/settings/contact/ by turning off the setting "Display process previews when pasting a link in other resources"
22.04.2022, 15:51
Original comment available on version: ru

It, thanks! They thought it was a bug!
22.04.2022, 20:40
Original comment available on version: ru

Please join the conversation. If you have something to say - please write a comment. You will need a mobile phone and an SMS code for identification to enter. Log in and comment