Open raftmsohani opened 1 month ago
Description: While studying recent ZAP scanner findings here, the backend API can be browsed, although it cannot be accessed by an unauthorized user.
To increase security, the backend API can be stopped by Nginx (instead of the backend) using a similar approach as here.
Acceptance Criteria:
Tasks: Create a list of granular, specific work items that must be completed to deliver the desired outcomes of this issue
- /v1 endpoints can be accessed by an approved user with a valid session
- /v1 endpoints return 403 for an unapproved user
- /v1 endpoints return 403 for a user with an invalid session
- /v1 endpoints return 403 for a user with no session
Notes:
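One way to enforce the four /v1 outcomes listed in the issue at the Nginx layer rather than in the backend. This is an added example, not the project's configuration and not code from the issue or the linked approach; the upstream name `backend`, its address, the session cookie name `sessionid`, and an internal `/v1/auth/check` endpoint (assumed to answer 2xx only for an approved user with a valid session, and 401 or 403 otherwise) are all assumptions that would need to be replaced with the project's real names.

```nginx
# Added example (assumed names throughout). Uses ngx_http_auth_request_module,
# which is part of a standard nginx build.

upstream backend {
    server 127.0.0.1:8000;   # assumed backend address
}

# Detect the "no session" case from the cookie alone, so it is refused
# at the edge and never reaches the backend.
map $cookie_sessionid $has_session {
    default 1;
    ""      0;
}

server {
    listen 80;

    # Every request under /v1 is gated by a subrequest to the backend's
    # session/approval check before it is proxied.
    location /v1/ {
        if ($has_session = 0) {
            return 403;
        }

        auth_request /_auth_check;

        # Collapse both "unapproved user" and "invalid session" (401 or 403
        # from the check) into the single 403 the criteria ask for, so the
        # response does not reveal which of the two applied.
        error_page 401 403 =403 @forbidden;

        proxy_pass http://backend;
        proxy_set_header Host $host;
    }

    # Subrequest target; "internal" means clients cannot call it directly.
    # The original request's headers (including the cookie) are forwarded,
    # the body is not.
    location = /_auth_check {
        internal;
        proxy_pass http://backend/v1/auth/check;   # assumed check endpoint
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

    location @forbidden {
        default_type application/json;
        return 403 '{"detail":"forbidden"}';
    }
}
```

With this in place the ZAP finding changes character: an unauthenticated scan of /v1 receives only the uniform 403 from Nginx, and the backend sees the request only after the check subrequest has succeeded. Note that auth_request treats any status other than 2xx/401/403 from the check endpoint as an error and answers 500, so a failing check endpoint shows up as 500s on /v1, which is worth alerting on.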