Branch: refs/heads/2.0.0
Home:
https://github.com/tribe29/checkmk
Commit: b3c58ab36d9d9dd0d8e9e5f4f0fb68906987a9b6
https://github.com/tribe29/checkmk/commit/b3c58ab36d9d9dd0d8e9e5f4f0fb68906…
Author: Christoph Rauch <christoph.rauch(a)tribe29.com>
Date: 2022-10-05 (Wed, 05 Oct 2022)
Changed paths:
A .werks/14509
M cmk/gui/wsgi/applications/rest_api.py
M tests/unit/cmk/gui/plugins/openapi/test_spec_files.py
M tests/unit/cmk/gui/plugins/openapi/test_swagger_ui.py
Log Message:
-----------
14509 SEC add authentication to REST API documentation
It was previously not required to be authenticated to access the site's REST API
documentation.
Because custom user tags and comments may appear in the automatically generated
documentation,
this would represent an "information leak". Therefore, from this Werk onwards,
the site's
REST API documentation is only allowed to be accessed by logged in users.
Change-Id: I5efffe69054cff64475be10488ca52e4a85a1ba9