Closed clochix closed 8 years ago
POST /{db}/_all_docs is for getting multiple docs in one request. To allow it and be sure to respect the permissions, it's enough to check the doctype for each of the returned documents. There are no streaming issues or timeouts like for other methods used in replication, so it shouldn't be too complicated.
Requested by @kosssi
URLs like POST /replication/_all_docs?include_docs=true are not allowed by checkPermissionsPostReplication. @kosssi would like to allow them. We must be very cautious of the security implications.
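
A sketch of the per-document doctype check discussed above, added here as an illustration and not taken from the project's code. The function names, the `docType` field name, the case-insensitive comparison and the choice to mask denied rows as `not_found` are all assumptions; the sample response is constructed.

```javascript
// Added example. Function names and the docType field are assumptions.

// May this single _all_docs row be returned to the caller?
function rowAllowed(row, allowed) {
  if (row.error) return true;            // {key, error: "not_found"} carries no document
  const doc = row.doc;
  if (!doc) return false;                // no body (no include_docs, or deleted doc): cannot check
  if (typeof doc.docType !== 'string') return false; // design docs, untyped docs: fail closed
  return allowed.has(doc.docType.toLowerCase());
}

// Filter a parsed _all_docs response body. A denied row is replaced by the
// row CouchDB returns for an unknown key, so the caller cannot tell a
// forbidden document from a missing one. Row order is preserved.
function filterAllDocs(body, allowedDoctypes) {
  const allowed = new Set(allowedDoctypes.map((d) => d.toLowerCase()));
  const rows = body.rows.map((row) =>
    rowAllowed(row, allowed) ? row : { key: row.key, error: 'not_found' });
  return Object.assign({}, body, { rows });
}

// Constructed sample: response to keys ["c1", "b1", "nope", "_design/x", "c2"].
const sampleBody = {
  total_rows: 4, offset: 0,
  rows: [
    { id: 'c1', key: 'c1', value: { rev: '1-a' }, doc: { _id: 'c1', _rev: '1-a', docType: 'Contact', fn: 'Ann' } },
    { id: 'b1', key: 'b1', value: { rev: '1-b' }, doc: { _id: 'b1', _rev: '1-b', docType: 'BankOperation', amount: 12 } },
    { key: 'nope', error: 'not_found' },
    { id: '_design/x', key: '_design/x', value: { rev: '1-c' }, doc: { _id: '_design/x', _rev: '1-c', views: {} } },
    { id: 'c2', key: 'c2', value: { rev: '2-d', deleted: true }, doc: null },
  ],
};

const filtered = filterAllDocs(sampleBody, ['contact']);
console.log(JSON.stringify(filtered.rows.map((r) => (r.doc ? r.doc._id : r.error))));
```

Only the `Contact` document survives; the forbidden, untyped and body-less rows all come back looking like unknown keys, and `total_rows` is passed through unchanged.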