禁用或限制/ o /应用程序(django rest framework,oauth2) [英] Disable or restrict /o/applications (django rest framework, oauth2)
问题描述
然而,我有一个问题。我将应用程序传递给生产,并意识到/ o / applications / view可能会有问题,这是所有人都可以访问的!
我发现自己在文档中看不到任何东西,当我尝试google时,我感到非常惊讶。有没有想过什么?
有些想法要做一个自定义视图,需要认证为超级用户(但这将是奇怪的,因为它会混合不同的认证,不是吗?),或添加一个虚拟路由到401或403视图到/ o / applications /。
但是这些声音对我来说非常诡异?这不是一个官方的最好的解决方案吗?如果我是第一个遇到这个问题的人,我会感到非常惊讶,我一定错过了一些...
感谢提前!
找到解决方案
其实,/ o /是因为我有一个超级管理员会话打开。
一切都很棒,那么:)
I am currently writing a REST API using Django rest framework, and oauth2 for authentication (using django-oauth-toolkit). I'm very happy with both of them, making exactly what I want.
However, I have one concern. I'm passing my app to production, and realized there might be a problem with the /o/applications/ view, which is accessible to everyone! I found myself surprised to not see anything in the doc about it, neither when I try to google it. Did I miss something?
Some ideas where to either making a custom view, requiring authentication as super-user (but this would be weird, as it would mix different kind of authentication, wouldn't it?), or add a dummy route to 401 or 403 view to /o/applications/. But these sound quite hacky to me... isn't it any official "best" solution to do it? I'd be very surprised if I'm the first one running into this issue, I must have missed something...
Thanks by advance!
Solution found!
In fact, the reason why /o/application was accessible, is because I had a super admin session open.
Everything is great, then :)
这篇关于禁用或限制/ o /应用程序(django rest framework,oauth2)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!