To increase the protection of customers sites, starting with January 13th 2016, we are going to enforce the restrictions to access the Business Catalyst apps admin folders. These restrictions will make the app admin folders available to:
- Logged in admin users with appropriate permissions, regardless of the domain they try to load those resources
- The BC app runtime will be able to access files through the app domain with a valid access token (as they do today)
Unauthenticated users as well as front-end users (secure zone logins) will not be able to access files in app admin folders. The system will return a 401 (unauthorized) error code.
If your app admin folders does include files that need to be available to general public in the site front-end it recommended to place them in another folder inside the site, outside of _System/Apps or place them under a folder named "public" in the app's root folder. For more information, read the Building a Business Catalyst app getting started guide.
If you are an app developer, please update your apps to place all your app public files into public locations (inside the public folder or outside the app admin folder). If you're a partner, please update your apps to the latest version.
Thank you,
The Adobe Business Catalyst team