Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

Securing APIs by default

Description

Per , all public APIs should be protected by default. That means field permissionsRequired is required when defining non-system APIs in the handlers section of module descriptor. If there is a strong technical reason that an API cannot be protected, for example, /authn/login, use *"permissionsRequired" : [ ]* to make it explicit.

Please fix following APIs in this module

Environment

None

Potential Workaround

None

Linked issues

is duplicated by

Provide permissionsRequired property

relates to

permissionsRequired required (securing APIs by default)

Create following up module tickets after securing API by default

Checklist

hide

TestRail: Results

Activity

Show:

Done

Details

Assignee

Adam Dickmeiss

Reporter

Hongwei Ji

Labels

platform-backlog

Priority

TBD

Sprint

None

Development Team

Core: Platform

Fix versions

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created April 24, 2020 at 11:16 PM

Updated June 4, 2020 at 12:02 PM

Resolved June 4, 2020 at 11:22 AM

TestRail: Cases

TestRail: Runs