  1. ListenBrainz
  2. LB-791

If you request a public url with an invalid token, it succeeds

    • Bug
    • Resolution: Fixed
    • Normal

      If you request a url that doesn't require authentication (for example /1/user/(user_name)/listens), but you also provide an Authorization header with invalid data, you get the information that you requested.

      I'm not sure if it makes sense to validate this data on public endpoints or not. Thoughts?

      One potential reason to verify on all requests is if we have a separate rate limit rate for authorised clients...

                    kartik1712 amCap1712
                    alastairp Alastair Porter
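
One way a public endpoint could treat a supplied-but-invalid Authorization header, the case this issue raises, while giving authorised callers their own rate-limit bucket. This is an added example, not ListenBrainz code and not the fix that was applied; the `Token <value>` header scheme, the function names and the token store are assumptions.

```python
import hmac

# Constructed token store for the example: token -> user name (not real data).
TOKENS = {"3f2a9c1e-constructed-token": "alice"}


class InvalidToken(Exception):
    """An Authorization header was supplied but is malformed or unknown."""


def identify(headers, tokens=TOKENS):
    """Return the user for a valid token, or None when no header was sent.

    Raises InvalidToken when a header is present but does not validate, so a
    public endpoint can answer 401 instead of silently serving the request.
    Assumes `headers` is a plain dict keyed by the exact name "Authorization".
    """
    raw = headers.get("Authorization")
    if raw is None:
        return None  # anonymous request: allowed on a public endpoint
    scheme, _, supplied = raw.strip().partition(" ")
    supplied = supplied.strip()
    if scheme.lower() != "token" or not supplied:
        raise InvalidToken("malformed Authorization header")
    for known, user in tokens.items():
        # Constant-time comparison so response timing does not leak token bytes.
        if hmac.compare_digest(known.encode(), supplied.encode()):
            return user
    raise InvalidToken("unknown token")


def public_listens(headers, user_name):
    """Hypothetical handler for a public URL like /1/user/(user_name)/listens.

    Returns (status, body, rate_limit_bucket).
    """
    try:
        caller = identify(headers)
    except InvalidToken as exc:
        return 401, {"error": str(exc)}, None
    # Authorised callers are counted separately from anonymous traffic.
    bucket = f"user:{caller}" if caller else "anonymous"
    return 200, {"user": user_name, "listens": []}, bucket
```

The three outcomes are kept distinct: no header is served as anonymous, a valid token is served under the caller's own bucket, and a header that fails validation is rejected rather than treated as anonymous.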