Securing APIs by default
Done
Assignee: Hongwei Ji
Reporter: Hongwei Ji
Story Points: 0.5
Development Team: Core: Platform
Created April 24, 2020 at 11:40 PM
Updated June 4, 2020 at 2:58 PM
Resolved June 4, 2020 at 2:58 PM
Per , all public APIs should be protected by default. That means the field permissionsRequired is required when defining non-system APIs in the handlers section of the module descriptor. If there is a strong technical reason that an API cannot be protected, for example /authn/login, use "permissionsRequired": [ ] to make it explicit. Note that it is OK to use "permissionsRequired": [ ] for the two APIs /_/ramls and /_/jsonSchemas provided by RMB.
Please fix the following APIs in this module
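One way to check a module descriptor against the rule described above, as an added example that is not part of the original ticket or of any module's code. The sample descriptor is constructed; treating interfaceType "system" as the marker for system APIs and /_/ramls and /_/jsonSchemas as the two RMB paths are assumptions.

```python
import json

# Constructed sample descriptor (not taken from any real module).
SAMPLE_DESCRIPTOR = json.loads("""
{
  "id": "mod-example-1.0.0",
  "provides": [
    {"id": "widgets", "version": "1.0", "handlers": [
      {"methods": ["GET"], "pathPattern": "/widgets",
       "permissionsRequired": ["widgets.collection.get"]},
      {"methods": ["POST"], "pathPattern": "/widgets"},
      {"methods": ["POST"], "pathPattern": "/widgets/login",
       "permissionsRequired": []}
    ]},
    {"id": "_jsonSchemas", "version": "1.0", "interfaceType": "multiple", "handlers": [
      {"methods": ["GET"], "pathPattern": "/_/jsonSchemas", "permissionsRequired": []}
    ]},
    {"id": "_tenant", "version": "1.2", "interfaceType": "system", "handlers": [
      {"methods": ["POST"], "pathPattern": "/_/tenant"}
    ]}
  ]
}
""")

# Paths the ticket accepts with an empty permission list (assumed spelling).
RMB_OPEN_PATHS = {"/_/ramls", "/_/jsonSchemas"}

def audit_descriptor(descriptor):
    """Return (missing, explicit_open) lists of 'METHODS path' strings."""
    missing, explicit_open = [], []
    for interface in descriptor.get("provides", []):
        # Assumption: system interfaces carry interfaceType "system".
        if interface.get("interfaceType") == "system":
            continue
        for handler in interface.get("handlers", []):
            path = handler.get("pathPattern") or handler.get("path", "")
            label = f'{",".join(handler.get("methods", []))} {path}'
            perms = handler.get("permissionsRequired")
            if not isinstance(perms, list):
                missing.append(label)        # field absent or malformed
            elif not perms and path not in RMB_OPEN_PATHS:
                explicit_open.append(label)  # deliberate opt-out, needs a reason
    return missing, explicit_open

if __name__ == "__main__":
    missing, explicit_open = audit_descriptor(SAMPLE_DESCRIPTOR)
    print("missing permissionsRequired:", missing)
    print("explicitly unprotected (review):", explicit_open)
```

Handlers in the first list break the rule by omission; those in the second are explicit opt-outs that should each have a documented technical reason.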