Closed adamdecaf closed 4 years ago
Customers Version: v0.5.0-dev23
What were you trying to do? When loading GET /customers/{customerID} the X-Organization header is not checked such that Customer belongs to the Organization.
There's no check in the endpoint currently:
https://github.com/moov-io/customers/blob/v0.5.0-dev23/pkg/customers/customers.go#L56-L67
What did you expect to see? The X-Organization header is used to filter Customers returned - often by authentication systems.
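The check this issue asks for, shown as an added Go example that is not code from moov-io/customers: the handler only returns a Customer whose owning organization matches the `X-Organization` header. The `Customer` type, the in-memory `store`, the `status` helper and the choice of 400/404 responses are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Customer is a hypothetical record; Organization is the owning tenant.
type Customer struct{ ID, Organization, Name string }

// store is constructed sample data keyed by customerID.
var store = map[string]Customer{
	"cust-1": {ID: "cust-1", Organization: "org-a", Name: "Alice"},
	"cust-2": {ID: "cust-2", Organization: "org-b", Name: "Bob"},
}

// getCustomer serves GET /customers/{customerID}, scoped to X-Organization.
func getCustomer(w http.ResponseWriter, r *http.Request) {
	org := r.Header.Get("X-Organization")
	if org == "" {
		http.Error(w, "missing X-Organization", http.StatusBadRequest)
		return
	}
	id := strings.TrimPrefix(r.URL.Path, "/customers/")
	c, ok := store[id]
	// Unknown ID and wrong tenant share one 404, so a caller cannot probe other orgs' IDs.
	if !ok || c.Organization != org {
		http.Error(w, "customer not found", http.StatusNotFound)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(c)
}

// status sends one request through the handler and returns the HTTP status code.
func status(id, org string) int {
	req := httptest.NewRequest(http.MethodGet, "/customers/"+id, nil)
	req.Header.Set("X-Organization", org)
	rec := httptest.NewRecorder()
	getCustomer(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("cust-1", "org-a"), status("cust-1", "org-b"), status("cust-1", ""))
}
```

In a SQL-backed repository the same effect comes from filtering on both the customer ID and the organization in the query itself, so no handler can skip the comparison.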