Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:
Description
Created question in FIWARE Q/A platform on 10-10-2019 at 12:10
Please, ANSWER this question AT https://stackoverflow.com/questions/58320424/delete-request-for-organizations-does-not-require-auth-token
Question:
DELETE request for organizations does not require auth token
Description:
I've noticed when you are about to delete an organization the suggested request in docu is this one (subsection DELETE AN ORGANIZATION inside ORGANIZATION CRUD ACTIONS):
curl -iX DELETE \
'http://localhost:3005/v1/organizations/organization-id' \
-H 'Content-Type: application/json' \
Which does not include the X-Auth-token as part of the header.
Could this result in a security issue (allowing anyone to delete any organization)?
Activity
2019-10-11 15:06|UPDATED status: transition Answer| # answers= 1, accepted answer= True
2019-10-11 18:05|UPDATED status: transition Finish| # answers= 1, accepted answer= True
2019-10-10 15:05|CREATED monitor | # answers= 0, accepted answer= False