"Authentication error 403 api_key is None and require_auth is True"
I think that message gives too much information from a security standpoint, and the usual "403 Forbidden" would be about the right level of disclosure.
That said, it would be nice to maintain the current message if running in debug mode (or perhaps to put into the server log).
I browsed to http://localhost:8080/audit after logging out, and the server returned this error page:
"Authentication error 403 api_key is None and require_auth is True"
I think that message gives too much information from a security standpoint, and the usual "403 Forbidden" would be about the right level of disclosure.
That said, it would be nice to maintain the current message if running in debug mode (or perhaps to put into the server log).