[HELP-16182] [fiware-stackoverflow] DELETE request for organizations does not require auth token - JIRA

Details

Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:
- fiware
- fiware-keyrock

Source URL:
https://stackoverflow.com/questions/58320424/delete-request-for-organizations-does-not-require-auth-token

Description

Created question in FIWARE Q/A platform on 10-10-2019 at 12:10
Please, ANSWER this question AT https://stackoverflow.com/questions/58320424/delete-request-for-organizations-does-not-require-auth-token

Question:
DELETE request for organizations does not require auth token

Description:
I've noticed when you are about to delete an organization the suggested request in docu is this one (subsection DELETE AN ORGANIZATION inside ORGANIZATION CRUD ACTIONS):

curl -iX DELETE \
'http://localhost:3005/v1/organizations/organization-id' \
-H 'Content-Type: application/json' \

Which does not include the X-Auth-token as part of the header.

Could this result in a security issue (allowing anyone to delete any organization)?

Activity

People

Assignee:

Backlog Manager

Reporter:

Backlog Manager

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

10/Oct/19 3:06 PM

Updated:

27/May/21 10:57 AM

Resolved:

11/Oct/19 6:06 PM

Agile

View on Board