The sitemap.xml file used by Google and other search engines should only list publicly accessible resources. Instead it lists all resources regardless of the permissions
set in Geonode.
E.g. demo.geonode.org/sitemap.xml lists three restricted layers not visible in demo.geonode.org/api/layers:
I’ve raised this as issue
Is anyone able to help with this security issue
Also the related issue
#1726, Metadata for private layers should be consistent with layer permissions.
Have these been addressed in security improvements since 2.4?
From: geonode-devel [mailto:[hidden email]]
On Behalf Of Jonathan Doig
Sent: Wednesday, 2 August 2017 1:40 PM
To: geonode-devel <[hidden email]>
Subject: [GeoNode-devel] Sitemap.xml lists restricted resources