BUG - GET Profile endpoint requires authorization, should allow public access #416
Assignees
Labels
authorization
Issue is related to user auth or permissions.
bug
Something isn't working
good first issue
Good for newcomers
Comments
joneubank
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The GET profile endpoint is intended to inform the client which object storage backend to expect to interact with. This will be needed for both controlled and open access files, which means that this endpoint should not have any auth restrictions since open files can be downloaded by the public.
Currently this endpoint is only available to authenticated users that provide a valid token in the Authorization header.
Expected Behaviour
All requests to this endpoint should return the profile without authorization restrictions.
Actual Behaviour
All requests without an authorization header with valid token are rejected.
Steps to Reproduce
On any running Score server, send a request like:
Your Environment
Replicated in local running score instance as of commit e5505bc - release version 5.10.1.
The text was updated successfully, but these errors were encountered: