You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
config-service currently exposes every config endpoint (/api/config/gui, /api/config/user-system) as @PermitAll, so any anonymous caller can read the full GUI configuration. Only a small subset of these fields is actually needed before login. Split out the pre-login fields into a dedicated /api/config/pre-login endpoint and require authentication on the rest.
Task Summary
config-servicecurrently exposes every config endpoint (/api/config/gui,/api/config/user-system) as@PermitAll, so any anonymous caller can read the full GUI configuration. Only a small subset of these fields is actually needed before login. Split out the pre-login fields into a dedicated/api/config/pre-loginendpoint and require authentication on the rest.Task Type