Currently, Grout Server is configured to permit access to all HTTP methods from any user; it assumes that, like DRIVER, your API is only accessible to authenticated users.
It would be more useful to set the default permissions to IsAuthenticatedOrReadOnly, which would allow anyone to use read-only methods but would restrict write methods to logged-in users.
jeancochrane
commented
6 years ago
Currently, Grout Server is configured to permit access to all HTTP methods from any user; it assumes that, like DRIVER, your API is only accessible to authenticated users.
It would be more useful to set the default permissions to
IsAuthenticatedOrReadOnly, which would allow anyone to use read-only methods but would restrict write methods to logged-in users.