Bug Report
Problematic behavior
The Django API is too open. If we just make a GET request to https://domain/api/rooms/name_of_room, we can retrieve all the information, including the token. This is problematic, as with the token we can bypass the restriction of a room.
Expected behavior/code
GET requests for a specific room should work only for an authenticated user owning the room.
Steps to Reproduce
Environment
@jbpenrath, can you help us with this issue?
Thanks in advance,
Regards,
Nathan
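
An added example, not part of the original issue and not the project's code: a framework-free Python model of the reported read path next to the owner-only behaviour the report asks for, with a check that can serve as a regression test. `Room`, `User`, `ROOMS`, the handler names and the token value are constructed for illustration; answering 404 to non-owners is an assumption made here, not something the issue specifies.

```python
from dataclasses import asdict, dataclass
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class Room:
    name: str
    owner_id: int
    token: str  # secret that lets its holder bypass the room restriction


@dataclass(frozen=True)
class User:
    id: int
    is_authenticated: bool = True


# Constructed sample data standing in for the database.
ROOMS = {"name_of_room": Room("name_of_room", owner_id=1, token="CONSTRUCTED-TOKEN")}

Response = Tuple[int, dict]


def get_room_vulnerable(name: str, user: Optional[User]) -> Response:
    """Reported behaviour: any caller receives the full record, token included."""
    room = ROOMS.get(name)
    if room is None:
        return 404, {}
    return 200, asdict(room)


def get_room_owner_only(name: str, user: Optional[User]) -> Response:
    """Expected behaviour: only the authenticated owner can read the room."""
    if user is None or not user.is_authenticated:
        return 401, {"detail": "Authentication required."}
    room = ROOMS.get(name)
    # Same answer for "missing" and "not yours", so room names cannot be probed.
    if room is None or room.owner_id != user.id:
        return 404, {"detail": "Not found."}
    return 200, asdict(room)


def leaks_token(handler: Callable[[str, Optional[User]], Response],
                name: str, user: Optional[User]) -> bool:
    """Regression check: True if this caller can read the room token."""
    status, body = handler(name, user)
    return status == 200 and "token" in body
```

In a Django REST Framework code base the same decision would normally live in an object-level permission (`has_object_permission`) or in a queryset filtered by the requesting user.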