This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Remove the requirement to authenticate for /admin/server_version. #5122
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
erikjohnston
approved these changes
May 2, 2019
richvdh
force-pushed
the
rav/deauth_versions
branch
from
b2d3274
to
b6ec1c2
Compare
Codecov Report
@@ Coverage Diff @@
## develop #5122 +/- ##
===========================================
- Coverage 61.69% 61.65% -0.05%
===========================================
Files 336 335 -1
Lines 34551 34500 -51
Branches 5674 5669 -5
===========================================
- Hits 21317 21270 -47
+ Misses 11706 11704 -2
+ Partials 1528 1526 -2 |
Codecov Report
@@ Coverage Diff @@
## develop #5122 +/- ##
===========================================
- Coverage 61.69% 61.68% -0.02%
===========================================
Files 336 336
Lines 34551 34549 -2
Branches 5674 5674
===========================================
- Hits 21317 21312 -5
- Misses 11706 11708 +2
- Partials 1528 1529 +1 |
This endpoint isn't much use for its intended purpose if you first need to get yourself an admin's auth token. I've restricted it to the `/_synapse/admin` path to make it a bit easier to lock down for those concerned about exposing this information. I don't imagine anyone is using it in anger currently.
richvdh
force-pushed
the
rav/deauth_versions
branch
from
fc5c9cf
to
cf016d3
Compare
anoadragon453
added a commit
that referenced
this pull request
May 10, 2019
* develop: (45 commits) URL preview blacklisting fixes (#5155) Revert 085ae34 Add a DUMMY stage to captcha-only registration flow Make Prometheus snippet less confusing on the metrics collection doc (#4288) Set syslog identifiers in systemd units (#5023) Run Black on the tests again (#5170) Add AllowEncodedSlashes to apache (#5068) remove instructions for jessie installation (#5164) Run `black` on per_destination_queue Limit the number of EDUs in transactions to 100 as expected by receiver (#5138) Fix bogus imports in tests (#5154) add options to require an access_token to GET /profile and /publicRooms on CS API (#5083) Do checks on aliases for incoming m.room.aliases events (#5128) Remove the requirement to authenticate for /admin/server_version. (#5122) Fix spelling in server notices admin API docs (#5142) Fix sample config 0.99.3.2 include disco in deb build target list changelog Debian: we now need libpq-dev. ...
|
So, since 0.99.4 the API should be here Tried :
Plus, |
4 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This endpoint isn't much use for its intended purpose if you first need to
get yourself an admin's auth token.
I've restricted it to the
/_synapse/adminpath to make it a bit easier tolock down for those concerned about exposing this information. I don't
imagine anyone is using it in anger currently.
Based on #5120.