Closed gilz688 closed 7 years ago
The following array was passed to JwtAuthentication class constructor:
$options = [ "secret" => $_ENV["JWT_SECRET"], "path" => ["/api/v1"], "passthrough" => ["/api/v1/login"] ]
Sending an HTTP request to "http://localhost/api/v1/restricted" returns HTTP 401 Unauthorized but for some reason I am able to bypass JWT authentication by adding one or more extra slashes after the domain name. e.g. "http://localhost//api/v1/restricted"
The following array was passed to JwtAuthentication class constructor:
Sending an HTTP request to "http://localhost/api/v1/restricted" returns HTTP 401 Unauthorized but for some reason I am able to bypass JWT authentication by adding one or more extra slashes after the domain name. e.g. "http://localhost//api/v1/restricted"