BreeeZe / rpos

Raspberry Pi Onvif Server
http://breeeze.github.io/rpos
MIT License

Unauthorized access vulnerability #67

Open xfgryujk opened 5 years ago

xfgryujk commented 5 years ago

This callback won't be called if the request doesn't include any header

no auth

auth

RogerHardiman commented 5 years ago

Thanks for the issue report. I'm not able to do any RPOS work for a few weeks. Do you have some patches I can apply?

xfgryujk commented 5 years ago

> Thanks for the issue report. I'm not able to do any RPOS work for a few weeks. Do you have some patches I can apply?

According to this, maybe you can change 'headers' to 'request'. But I have not tested it yet.
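A minimal model of the fail-open check discussed in this thread, added here as an example; it is not rpos or SOAP-library code. The event names 'headers' and 'request' come from the thread, while `dispatch()`, the envelope shape, the credentials and the operation name are constructed assumptions.

```javascript
const { EventEmitter } = require("events");

// Constructed credential for the demo only (plaintext compare is a simplification).
const USER = "admin", PASS = "example-password";

function tokenOk(header) {
  const t = header && header.Security && header.Security.UsernameToken;
  return Boolean(t && t.Username === USER && t.Password === PASS);
}

// Hypothetical stand-in for a SOAP server: 'headers' is emitted only when the
// envelope carries a Header (the behaviour reported above); 'request' always.
function dispatch(server, envelope) {
  try {
    if (envelope.Header) server.emit("headers", envelope.Header);
    server.emit("request", envelope);
  } catch (e) {
    return "denied: " + e.message;
  }
  return "executed " + Object.keys(envelope.Body)[0];
}

// Pattern from the report: the check lives only in the 'headers' callback,
// so a request without a Header never reaches it.
function authOnHeaders() {
  const s = new EventEmitter();
  s.on("headers", (h) => { if (!tokenOk(h)) throw new Error("bad token"); });
  return s;
}

// Fail-closed variant: the check runs for every request, header or not.
function authOnRequest() {
  const s = new EventEmitter();
  s.on("request", (env) => { if (!tokenOk(env.Header)) throw new Error("not authenticated"); });
  return s;
}

// Constructed sample envelopes.
const body = { ExampleOperation: {} };
const token = (pw) => ({ Security: { UsernameToken: { Username: USER, Password: pw } } });
const noHeader = { Body: body };
const wrongPw = { Header: token("x"), Body: body };
const valid = { Header: token(PASS), Body: body };

for (const [name, make] of [["headers-only", authOnHeaders], ["request", authOnRequest]])
  for (const [label, env] of [["no header", noHeader], ["wrong password", wrongPw], ["valid", valid]])
    console.log(name, "|", label, "->", dispatch(make(), env));
```

A regression test for a fix of this kind should include the header-less request, since a test suite that only sends wrong credentials passes against both variants.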