Protect the /admin/api/advanced route
CashWilliams opened this issue · 2 comments
CashWilliams commented
Currently the reservoir_ui.api.advanced route is open to the public due to https://github.com/acquia/reservoir/blob/8.x-1.x/modules/reservoir_ui/reservoir_ui.routing.yml#L41
CashWilliams commented
Note: This is a security issue, but since there is not a stable release, the module/profile is not covered by the Drupal Security Team.
tedbow commented
@CashWilliams thanks created a PR