SE17GroupH / ZapServer

Server side stuff for Zap

Database information is public #20

Closed thegreyd closed 7 years ago

thegreyd commented 7 years ago

All the registered users with their auth tokens are visible. Not secure.

This happens when an HTTP GET request is sent to https://zapserver.herokuapp.com/api/users/1: the server returns all the details of the user as a JSON response.

https://zapserver.herokuapp.com/api/users/1
https://zapserver.herokuapp.com/api/users/2
... etc.

DevArenaCN commented 7 years ago

Done. It will only show the user's email for now. Let me know what you wanna display so I can change accordingly.

thegreyd commented 7 years ago

@DevArenaCN I don't think you should be able to get any JSON response at that url. The server only exists for the app and the app doesn't use that path, so no reason to keep it public.

DevArenaCN commented 7 years ago

Oh I thought you wanna use that path. I can delete it right now.

DevArenaCN commented 7 years ago

Done!
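As an added illustration of the exposure reported in this issue (not ZapServer's code; the in-memory user table, token values and route shape are assumptions), the snippet below shows a handler that serialises the whole user record for any numeric id, beside a guarded one that requires a valid bearer token, only serves the caller's own record, and returns a whitelisted set of fields so the auth token never leaves the server:

```javascript
// Added example, not ZapServer's code. USERS, the token format and the
// route shape are constructed assumptions to illustrate issue #20.
const USERS = [
  { id: 1, email: 'alice@example.com', authToken: 'tok-alice-1111' },
  { id: 2, email: 'bob@example.com',   authToken: 'tok-bob-2222' },
];

// Fields a client is allowed to see. The auth token is never in this list.
const PUBLIC_FIELDS = ['id', 'email'];

function pickPublic(user) {
  const out = {};
  for (const f of PUBLIC_FIELDS) out[f] = user[f];
  return out;
}

function parseUserId(path) {
  const m = /^\/api\/users\/(\d+)$/.exec(path);
  return m ? Number(m[1]) : null;
}

// Leaky version (what the issue reports): an unauthenticated GET on
// /api/users/:id returns the stored record as-is, auth token included,
// and ids are sequential, so every account is reachable.
function leakyGetUser(req) {
  const id = parseUserId(req.path);
  const user = id === null ? undefined : USERS.find(u => u.id === id);
  return user ? { status: 200, body: user } : { status: 404, body: null };
}

// Guarded version: the caller must present a valid bearer token, may only
// read their own record, and receives only the whitelisted fields.
function guardedGetUser(req) {
  const id = parseUserId(req.path);
  if (id === null) return { status: 404, body: null };
  const auth = (req.headers && req.headers.authorization) || '';
  const token = auth.startsWith('Bearer ') ? auth.slice(7) : null;
  const caller = token ? USERS.find(u => u.authToken === token) : undefined;
  if (!caller) return { status: 401, body: null };          // no valid session
  if (caller.id !== id) return { status: 403, body: null }; // not the caller's record
  return { status: 200, body: pickPublic(caller) };
}
```

The guarded handler still answers 403 rather than 404 for other users' ids; if account existence itself is considered sensitive, returning 404 for both cases avoids confirming which ids are in use.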