Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 29d3b71cfd95bb8d44ba464ce0e086d81f70bc0d
https://github.com/tribe29/checkmk/commit/29d3b71cfd95bb8d44ba464ce0e086d81…
Author: Christoph Rauch <christoph.rauch(a)tribe29.com>
Date: 2022-09-27 (Tue, 27 Sep 2022)
Changed paths:
A .werks/14509
M cmk/gui/wsgi/applications/rest_api.py
M tests/unit/cmk/gui/plugins/openapi/test_spec_files.py
M tests/unit/cmk/gui/plugins/openapi/test_swagger_ui.py
Log Message:
-----------
14509 SEC add authentication to REST API documentation
It was previously not required to be authenticated to access the site's REST API documentation.
Because custom user tags and comments may appear in the automatically generated documentation,
this would represent an "information leak". Therefore, from this Werk onwards, the site's
REST API documentation is only allowed to be accessed by logged in users.
Change-Id: I5efffe69054cff64475be10488ca52e4a85a1ba9