aungwinthant
commented
4 years ago I am thinking about it too. I'll handle this one.
Open lloy0076 opened 4 years ago
aungwinthant
commented
4 years ago I am thinking about it too. I'll handle this one.
mtveerman
commented
4 years ago This is a must. Else detailed info, and info valuable with regards to marketing (e.g number of requests or day) is visible to public.
I was thinking the requesting user id should also be logged, in which case the apilogger view definitely needs to be guarded.
(Look at how larecipe guards and defined it's routes. Not that hard)
aungwinthant
commented
4 years ago Thanks I will definitely look into it.
dansleboby
commented
2 years ago Added in #42
It seems at the moment that any user can see the logs (in /apilogs); obviously this could be a security issue.
It could be optional to protect that route(s) with a guard (which could be configurable).