Is your feature request related to a problem? Please describe.
Since this is a core application bundled with eXist-db, it should follow security best practices.
Describe the solution you'd like
Instead of defaulting to allow any route on top of some explicitly handled ones, the controller should handle each allowed route explicitly and any other route should result in a specific error (e.g. NotFound with HTTP status code 404).
Here is the default route handling code in the controller.xql:
documentation/src/main/xar-resources/controller.xql
Lines 101 to 104 in 4d06731
Describe alternatives you've considered
Switch to https://github.com/eeditiones/roaster which will ensure explicit route handling.
Not exposing this application on public servers.
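
The default-deny shape requested above, as an added example in XQuery; it is not the documentation app's controller.xql and not part of the original issue. The route names, the asset pattern and `modules/not-found.xq` are hypothetical.

```xquery
xquery version "3.1";

(: Added example: default-deny routing in an eXist-db controller.
   All routes and module paths are hypothetical placeholders. :)

declare variable $exist:path external;
declare variable $exist:resource external;
declare variable $exist:controller external;

(: Static assets: a fixed set of directories, exactly one file name
   segment and an allowlisted extension. "../" or deeper paths cannot
   match, so they fall through to the final 404 branch. :)
declare function local:is-static-asset($path as xs:string) as xs:boolean {
    matches($path,
        "^/resources/(css|js|images)/[A-Za-z0-9_\-]+\.(css|js|png|svg)$")
};

if ($exist:path eq "") then
    (: Bare collection URL: add the trailing slash. :)
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <redirect url="{request:get-uri()}/"/>
    </dispatch>
else if ($exist:path eq "/") then
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <redirect url="index.html"/>
    </dispatch>
else if ($exist:path eq "/index.html") then
    (: Explicit route to a hypothetical view module. :)
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <forward url="{$exist:controller}/modules/view.xql"/>
    </dispatch>
else if (local:is-static-asset($exist:path)) then
    (: Pass-through, but only for paths the allowlist accepted. :)
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <cache-control cache="yes"/>
    </dispatch>
else
    (: Default deny: every other path is forwarded to a hypothetical
       module that calls response:set-status-code(404) and returns an
       error page, so nothing in the collection (XQuery sources,
       configuration, data) is served just because it exists. :)
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <forward url="{$exist:controller}/modules/not-found.xq"/>
    </dispatch>
```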