[checkmk-commits] [tribe29/checkmk] 5b20c7: 14509 SEC add authentication to REST API documenta...

4 Oct 2022

  Branch: refs/heads/2.1.0
  Home:   https://github.com/tribe29/checkmk
  Commit: 5b20c7a4cbc58a95793dce926d025df9cc31de90
      https://github.com/tribe29/checkmk/commit/5b20c7a4cbc58a95793dce926d025df9c…
  Author: Christoph Rauch &lt;christoph.rauch(a)tribe29.com&gt;
  Date:   2022-10-04 (Tue, 04 Oct 2022)

  Changed paths:
    A .werks/14509
    M cmk/gui/wsgi/applications/rest_api.py
    M tests/unit/cmk/gui/plugins/openapi/test_spec_files.py
    M tests/unit/cmk/gui/plugins/openapi/test_swagger_ui.py

  Log Message:
  -----------
  14509 SEC add authentication to REST API documentation

It was previously not required to be authenticated to access the site's REST API
documentation.

Because custom user tags and comments may appear in the automatically generated
documentation,
this would represent an "information leak". Therefore, from this Werk onwards,
the site's
REST API documentation is only allowed to be accessed by logged in users.

Change-Id: I5efffe69054cff64475be10488ca52e4a85a1ba9

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] [tribe29/checkmk] 5b20c7: 14509 SEC add authentication to REST API documenta...