Disable file attachment URL sharing, require login Follow
Youtrack has the feature where attachment URLs are generated with a signature that grant access through a token. They can be shared to those without a login.
Browser copied URLs last 3 days and notification email URLs last 2 weeks.
Documented here: https://www.jetbrains.com/help/youtrack/standalone/Add-an-Attachment.html#links-to-issue-attachments
We would like to disable the token-based access to attachments and always require login. Is there a setting or experimental feature that would accomplish this?
This convenience feature is not intuitive, and seems like it should not be enabled by default, or at least should be removable for security requirements.
Please sign in to leave a comment.
Hi!
It is not possible to disable token-based access to attachments.
If you suspect that some user has shared a link to a file with sensitive information, you can either restrict the visibility of the issue/comment with the attachment to exclude the user who attached the file, or delete the file completely.