You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using per user authentication, and returning media as URL instead of base64 encoded file in the response, the media URL itself is unsecured and accessible by unauthenticated users.
This is a huge security flaw - could not find in documentation how to address this. The files accessible via the media endpoint should ideally be secured using the same rules as the "parent" endpoints used to store them.
Or - am I missing something here?
Regards,
Anton
The text was updated successfully, but these errors were encountered:
Hi,
When using per user authentication, and returning media as URL instead of base64 encoded file in the response, the media URL itself is unsecured and accessible by unauthenticated users.
This is a huge security flaw - could not find in documentation how to address this. The files accessible via the media endpoint should ideally be secured using the same rules as the "parent" endpoints used to store them.
Or - am I missing something here?
Regards,
Anton
The text was updated successfully, but these errors were encountered: