The xapit/reload controller action is public and accessible to everyone. This should be protected and require some kind of authorization so the public users cannot trigger it.
This should be possible with a simple key setting. Maybe like this:
XapitSync.private_key = "alsdhskdfhlizhzlsdfhkwe"
If this exists then it is required that this be specified in the URL when triggering xapit controller actions.
The
xapit/reloadcontroller action is public and accessible to everyone. This should be protected and require some kind of authorization so the public users cannot trigger it.This should be possible with a simple key setting. Maybe like this:
If this exists then it is required that this be specified in the URL when triggering xapit controller actions.