Closed thegreyd closed 7 years ago
Done. It will only show user's email for now. Let me know what you wanna display so I can change accordingly.
@DevArenaCN I don't think you should be able to get any JSON response at that url. The server only exists for the app and the app doesn't use that path, so no reason to keep it public.
Oh I thought you wanna use that path. I can delete it right now.
Done!
All the registered users with their auth tokens are visible. Not secure.
This happens when a HTTP GET request is sent to https://zapserver.herokuapp.com/api/users/1, server returns all the details of the user as JSON response.
https://zapserver.herokuapp.com/api/users/1 https://zapserver.herokuapp.com/api/users/2 ..etc.