overture-stack / score

Secure Cloud Object REsource: file transfer microservice
https://www.overture.bio/products/score
GNU Affero General Public License v3.0

BUG - GET Profile endpoint requires authorization, should allow public access #416

Open joneubank opened 2 weeks ago

joneubank commented 2 weeks ago

Description

The GET profile endpoint is intended to inform the client which object storage backend to expect to interact with. This will be needed for both controlled and open access files, which means that this endpoint should not have any auth restrictions since open files can be downloaded by the public.

Currently this endpoint is only available to authenticated users that provide a valid token in the Authorization header.

Expected Behaviour

All requests to this endpoint should return the profile without authorization restrictions.

Actual Behaviour

All requests without an authorization header with a valid token are rejected.

Steps to Reproduce

On any running Score server, send a request like:

curl -X GET "https://score.example.org/profile" -H "accept: */*"

Your Environment

Replicated in a locally running Score instance as of commit e5505bc - release version 5.10.1.