Closed davidoskky closed 1 year ago
The GET /sources/list
and GET /sources
endpoints contain private information like the parameters of sources (including e.g. secret tokens for Twitter API).
On the other hand, GET /sources/stats
contains only the bare minimum needed to display the list of sources in the sidebar so it should be fine to expose in the public mode.
As long as we want to allow viewing specific sources in the public mode, I do not foresee any change in the level of access.
Turns out the security level was not correctly declared in the API docs. I have rectified that.
In public mode it's possible to read articles from the web application without logging in, the list of tags and sources is available. The api however does not provide the list of sources and returns "Access forbidden!" when making a GET request to /sources/list It's possible to get the list of sources from /sources/stats
Is this the expected behavior and can we expect this to keep working in the future?