Protected auth methods are exposed in the /apis/.../swagger endpoint #198
Labels
Milestone
Comments
maksimlikharev
pushed a commit
to clarivate/wicked.api
that referenced
this issue
Jun 7, 2019
* adding group for the subscription/approval events (#22) * Bump to version 1.0.0-rc.5 * Fixes Haufe-Lexware/wicked.haufe.io#196 * Fixes Haufe-Lexware/wicked.haufe.io#198 * Bump to version 1.0.0-rc.6 * Update docker group to adapt to new Jenkins * Use classical pipeline again (test) * Try this on the RD jenkins * Allow loading of javascript file in static content (#24) * Change back to "docker" agent * Take out SonarQube for the time being
maksimlikharev
pushed a commit
to clarivate/wicked.api
that referenced
this issue
Jul 29, 2019
* adding group for the subscription/approval events (#22) * Bump to version 1.0.0-rc.5 * Fixes Haufe-Lexware/wicked.haufe.io#196 * Fixes Haufe-Lexware/wicked.haufe.io#198 * Bump to version 1.0.0-rc.6 * Update docker group to adapt to new Jenkins * Use classical pipeline again (test) * Try this on the RD jenkins * Allow loading of javascript file in static content (#24) * Change back to "docker" agent * Take out SonarQube for the time being * Log in once to make sure docker login is done * Bump to version 1.0.0-rc.7 * Enable switching off health checks * Bump to version 1.0.0-rc.8 * Infinite loop inside docker container... ... instead of letting e.g. Kubernetes handle the restart. Advantages: - Much quicker restart - Kubernetes does not count a reload as a full crash See Haufe-Lexware/wicked.haufe.io#212 * honor host (#25) * Partly fixes Haufe-Lexware/wicked.haufe.io#216
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In case you are using "protected" auth methods, these are currently inadvertently exposed in the
/apis/.../swaggerendpoint, thus are offered for use in the Swagger UI. This should quite obviously not be the case.The text was updated successfully, but these errors were encountered: