Branch: refs/heads/2.1.0
Home:
https://github.com/tribe29/checkmk
Commit: 5b20c7a4cbc58a95793dce926d025df9cc31de90
https://github.com/tribe29/checkmk/commit/5b20c7a4cbc58a95793dce926d025df9c…
Author: Christoph Rauch <christoph.rauch(a)tribe29.com>
Date: 2022-10-04 (Tue, 04 Oct 2022)
Changed paths:
A .werks/14509
M cmk/gui/wsgi/applications/rest_api.py
M tests/unit/cmk/gui/plugins/openapi/test_spec_files.py
M tests/unit/cmk/gui/plugins/openapi/test_swagger_ui.py
Log Message:
-----------
14509 SEC add authentication to REST API documentation
It was previously not required to be authenticated to access the site's REST API
documentation.
Because custom user tags and comments may appear in the automatically generated
documentation,
this would represent an "information leak". Therefore, from this Werk onwards,
the site's
REST API documentation is only allowed to be accessed by logged in users.
Change-Id: I5efffe69054cff64475be10488ca52e4a85a1ba9