Closed Helw150 closed 6 years ago
Accessing the Admin API directly should be denied based on authorization.
Admin API can be accessed directly using curl.
Any Set/Put requests should somehow be checked using the auth token we get from Google Authentication.
Duplicate of #422
Expected Behavior
Accessing the Admin API directly should be denied based on authorization.
Current Behavior
Admin API can be accessed directly using curl.
Possible Solution
Any Set/Put requests should somehow be checked using the auth token we get from Google Authentication.
Steps to Reproduce (for bugs)