OPTIONS on endpoints may leak data

csrdelft / balins-adventure

We're going on an ADVENTURE!

3 stars 0 forks source link

OPTIONS on endpoints may leak data #59

Closed ajrouvoet closed 9 years ago

ajrouvoet commented 9 years ago

OPTIONS request on most resources are public, but they can leak data through available options. This should be fixed.

thervh70 commented 9 years ago

Op welke apps / services heeft dit invloed?

ajrouvoet commented 9 years ago

Alle ViewSets supporten automatisch OPTIONS requests. Dat is fijn, maar dan moeten we die ofwel intern maken, ofwel de available options die automatisch op sommige fields worden teruggegeven weghalen.

Voor het intern maken van die metadata kunnen we vast wel een mixin maken.

ajrouvoet commented 9 years ago

When using the StekViewSet as a viewset base class, the metadata is overridden to be very minimal; this solves this issue.