Details
-
Bug
-
Status: Closed (View Workflow)
-
TBD
-
Resolution: Done
-
2.9.0
-
-
CP: sprint 125
-
2
-
Core: Platform
Description
mod-authtoken returns headers in case of 403-type of errors, such as X-Okapi-Module-Tokens. This tricked Okapi to save them (OKAPI-1037).. But in general, headers like these should not be returned in case of errors.
It can be spotted in code sections easily - as if the mod-authtoken deliberately wants to return that header always.
TestRail: Results
Attachments
Issue Links
- relates to
-
OKAPI-1037 Missing permission check when token cache and pre/post filter
-
- Closed
-
-
MODAT-38 Missing module token when calling /token as a filter
-
- Closed
-