BloomTech-Labs/dep-story-squad-ds-b

header checking not working

Closed this issue · 0 comments

  • I'm submitting a ...

    • bug report
    • feature request
    • support request
  • Do you want to request a feature or report a bug?

Bug with Header authorization checking.

  • What is the current behavior?
    Currently regardless of the value of the "Authorization" header the user is allowed to interact with any of the endpoints and send and receive data from them.

  • If the current behavior is a bug, please provide the steps to reproduce the behavior.
    Any properly formed POST to one of the endpoints will return the expected value from that endpoint.

  • What is the expected behavior?

If the value of the "Authorization" header is DS_SECRET_TOKEN then the application works as expected and returns the appropriate data from the endpoints.

If the value of the "Authorization" header is not DS_SECRET_TOKEN then a 403: forbidden error is returned to the user instead of the expected data from the endpoint call.

  • What is the motivation / use case for changing the behavior?

Informational Security and compliance with COPPA regulations

  • Please tell us about your environment:

    Operating system and current build version: Win, WSL2: 4.4.0-19041-Microsoft #488-Microsoft Mon Sep 01 13:43:00 PST 2020 x86_64 x86_64 x86_64 GNU/Linux

    Output from pip freeze for the following packages:

    on python 3.7.6

    fastapi==0.60.1
    pandas
    numpy
    plotly
    uvicorn==0.11.8
    google-cloud-vision==1.0.0
    textstat==0.6.2
    

    output from command:

    python 3.7.6
    python 3.8.2

  • Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)
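
One way to get the expected behavior described above, as an added example that is not code from this repository: a dependency-free ASGI middleware that returns 403 unless the "Authorization" header matches the secret. The names `RequireAuthToken`, `token_is_valid`, `status_for` and `_demo_app` are hypothetical, and reading the secret from a `DS_SECRET_TOKEN` environment variable is an assumption.

```python
import asyncio
import hmac
import os

def token_is_valid(presented: bytes, expected: bytes) -> bool:
    # Fail closed: an unset or empty expected token must never match.
    if not presented or not expected:
        return False
    return hmac.compare_digest(presented, expected)  # constant-time compare

class RequireAuthToken:
    """Hypothetical pure-ASGI middleware; attach with app.add_middleware(RequireAuthToken)."""
    def __init__(self, app, expected_token=None):
        self.app = app
        if expected_token is None:  # assumption: the secret lives in this env var
            expected_token = os.environ.get("DS_SECRET_TOKEN", "")
        self.expected = expected_token.encode()

    async def __call__(self, scope, receive, send):
        if scope["type"] == "lifespan":  # startup/shutdown events carry no headers
            return await self.app(scope, receive, send)
        # ASGI delivers header names as lowercased bytes.
        presented = dict(scope.get("headers") or []).get(b"authorization", b"")
        if token_is_valid(presented, self.expected):
            return await self.app(scope, receive, send)
        if scope["type"] == "websocket":  # closing before accept rejects the handshake
            return await send({"type": "websocket.close", "code": 1008})
        await send({"type": "http.response.start", "status": 403,
                    "headers": [(b"content-type", b"application/json")]})
        await send({"type": "http.response.body", "body": b'{"detail":"Forbidden"}'})

async def _demo_app(scope, receive, send):
    # Constructed stand-in for the real application: always answers 200.
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def status_for(auth_value, expected="constructed-test-token"):
    """Send one constructed POST through the middleware and return the HTTP status."""
    sent = []
    async def send(message):
        sent.append(message)
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    headers = [] if auth_value is None else [(b"authorization", auth_value.encode())]
    scope = {"type": "http", "method": "POST", "path": "/", "headers": headers}
    asyncio.run(RequireAuthToken(_demo_app, expected)(scope, receive, send))
    return sent[0]["status"]
```

Because the check wraps the whole application, a route added later cannot be left unprotected by forgetting to attach it.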