Skip to content
This repository has been archived by the owner on Dec 23, 2023. It is now read-only.

API public permissions always reachable #81

Open
Bryelmo opened this issue Mar 27, 2023 · 0 comments
Open

API public permissions always reachable #81

Bryelmo opened this issue Mar 27, 2023 · 0 comments

Comments

@Bryelmo
Copy link

Bryelmo commented Mar 27, 2023

Hi everybody,

I want to notice you that:

  • POST /api/editorjs/image/byFile returns status 200
  • POST /api/editorjs/image/byUrl returns status 500
  • GET /api/editorjs/link returns status 200
    even if they are disabled in the Strapi permissions panel.

Maybe could a security issue.

Thank you.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Bryelmo