Securing APIs by default

Description

Per , all public APIs should be protected by default. That means field permissionsRequired is required when defining non-system APIs in the handlers section of module descriptor. If there is a strong technical reason that an API cannot be protected, for example, /authn/login, use *"permissionsRequired" : [ ]* to make it explicit.

Please fix following APIs in this module

Environment

None

Potential Workaround

None

Checklist

hide

TestRail: Results

Activity

Show:
Done

Details

Assignee

Reporter

Priority

Sprint

Development Team

Core: Platform

Fix versions

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created April 24, 2020 at 11:16 PM
Updated June 4, 2020 at 12:02 PM
Resolved June 4, 2020 at 11:22 AM
TestRail: Cases
TestRail: Runs