Seafile Insecure Direct Object References (IDOR)

Hello, we did a penetration tests to our seafile and we found some problems. Do you guys know how to prevent them ? First one is IDOR and second one is httponly flag in nginx.

IDOR links
Insecure Direct Object Reference (IDOR) Vulnerabilities in Brief https:// cheatsheetseries.owasp. org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html

Can you provide more details about the first issue? Which URL has IDOR issue?