Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
TBD
-
Resolution: Done
-
Affects Version/s: 2.9.0
-
Fix Version/s: 2.9.1
-
Labels:
-
Template:customfield_11100 51912
-
Sprint:CP: sprint 125
-
Story Points:2
-
Development Team:Core: Platform
Description
mod-authtoken returns headers in case of 403-type of errors, such as X-Okapi-Module-Tokens. This tricked Okapi to save them (OKAPI-1037).. But in general, headers like these should not be returned in case of errors.
It can be spotted in code sections easily - as if the mod-authtoken deliberately wants to return that header always.
TestRail: Results
Attachments
Issue Links
- relates to
-
OKAPI-1037 Missing permission check when token cache and pre/post filter
-
- Closed
-
-
MODAT-38 Missing module token when calling /token as a filter
-
- Closed
-