Closed Bartmax closed 9 years ago
https://github.com/aspnet/live.asp.net/blob/a3ad4d4498cb2e836b0a8558ce1bd8f2eed61c29/src/live.asp.net/Controllers/AdminController.cs#L88-L89
clearcache (post) doesn't have [Authorize("Admin")] attribute. I think it would be an improvement to have the [Authorize] filter at the controller level instead of per action.
[Authorize("Admin")]
[Authorize]
With a simple POST everyone can clear the youtube cache, causing a waste of resources.
@DamianEdwards what do you think?
Agreed. That's an oversight, we should just put it on the controller.
https://github.com/aspnet/live.asp.net/blob/a3ad4d4498cb2e836b0a8558ce1bd8f2eed61c29/src/live.asp.net/Controllers/AdminController.cs#L88-L89
clearcache (post) doesn't have
[Authorize("Admin")]
attribute. I think it would be an improvement to have the[Authorize]
filter at the controller level instead of per action.