NexdApp/nexd-backend

post articles endpoint not secured

andre-stefanov opened this issue · 2 comments

Creating a new article is not secured yet. (also getting articles is not secured by Authorization)

POST /api/articles HTTP/1.1
Content-Type: application/json
User-Agent: PostmanRuntime/7.23.0
Accept: */*
Cache-Control: no-cache
Postman-Token: c1fdc47e-2adc-4148-903f-e35a4cbb20a9
Host: nexd-api-alb-1107636132.eu-central-1.elb.amazonaws.com
Accept-Encoding: gzip, deflate, br
Content-Length: 26
Connection: keep-alive

{
    "name": "<string>"
}

HTTP/1.1 201 Created
Date: Mon, 23 Mar 2020 01:34:11 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 26
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: *
ETag: W/"1a-g3gn/OGIYbt/kt0z78KxDMIq13k"

{"name":"<string>","id":9}

f10l commented

This is intentional for the hackathon MVP. The idea was to fill the list initially.

Later, we should find a suitable flow for creating articles to buy.

f10l commented

There is now a secret protection on the endpoint.
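
One way a shared-secret check on `POST /api/articles` can be written, as an added example that is not nexd-backend's own code. The header name `x-admin-secret`, the choice to gate only POST, and the status codes are assumptions, not taken from the project.

```javascript
// Added example, not project code. Names marked "hypothetical" are assumptions.
const crypto = require("node:crypto");
const http = require("node:http");

const SECRET_HEADER = "x-admin-secret"; // hypothetical header name (Node lowercases header keys)

// Constant-time comparison. Both values are hashed to equal-length digests
// first, because crypto.timingSafeEqual throws when lengths differ.
function secretsMatch(presented, expected) {
  const digest = (s) => crypto.createHash("sha256").update(String(s)).digest();
  return crypto.timingSafeEqual(digest(presented), digest(expected));
}

// Returns 0 when the request may proceed, otherwise the HTTP status to send.
function guard(method, headers, expected) {
  if (method !== "POST") return 0;   // assumption: only article creation is gated
  if (!expected) return 503;         // fail closed if no secret is configured
  const presented = headers[SECRET_HEADER];
  if (typeof presented !== "string" || presented === "") return 401;
  return secretsMatch(presented, expected) ? 0 : 403;
}

// Minimal server wiring the guard in front of the route. The response bodies
// are constructed placeholders; a real handler would parse and store the article.
function createServer(expected) {
  return http.createServer((req, res) => {
    if (req.url !== "/api/articles") {
      res.writeHead(404).end();
      return;
    }
    const status = guard(req.method, req.headers, expected);
    if (status !== 0) {
      res.writeHead(status).end();
      return;
    }
    const created = req.method === "POST";
    res.writeHead(created ? 201 : 200, { "Content-Type": "application/json" });
    res.end(created ? '{"ok":true}' : "[]");
  });
}
// To run: createServer(process.env.ARTICLES_SECRET).listen(3000)
// (ARTICLES_SECRET is a hypothetical environment variable name.)
```

With this in place, the request shown in the issue, which carries no secret header, gets a 401 instead of `201 Created`.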