So unless I am doing this wrong, there appears to be a security flaw in ContentBox.
If I want to provide security, or an Admin view that should be secured it is vieweable by both no-secured and secured routes. Now I am sure that I am doing this wrong, so I would be happy to hear how others might be handling this.
In most of modules to date I have always added the route as such.
{pattern="/module/:moduleEntryPoint/:moduleHandler/:moduleAction?", handler=“modules”, action=“execute” }
Which allows me to have the url
/cbadmin/module/myModule/myHandler/myAction
Which works when a user is not logged into the admin dashboard, however if I then use
/myModule/myHandler/myAction
It will bypass the security login, which is not my desired result. So the question is should I just use my own secure list rather than rely on ContentBoxes?
Again if your doing this and have it secured right, how are you doing it?