Improve /api/getRequests/:number endpoint security

ProjectCopilot / mailroom

Copilot's air traffic controller.

1 stars 0 forks source link

Improve /api/getRequests/:number endpoint security #95

Closed gmittal closed 7 years ago

gmittal commented 7 years ago

@ankitr PTAL

gmittal commented 7 years ago

Instead of returning all of the case information (messages, real name, age, school, etc.), the API endpoint only returns an ID with the anonymized information that is viewable by the volunteer (currently an alias, gender, and Copilot help status).