Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

could import config file without auth #1857

Closed
ghost opened this issue Sep 18, 2019 · 4 comments
Closed

could import config file without auth #1857

ghost opened this issue Sep 18, 2019 · 4 comments

Comments

@ghost
Copy link

ghost commented Sep 18, 2019
edited by ghost
Loading

Issue Description

Type: bug report

Describe what happened (or what feature you want)

with 1.1.3 and 1.1.0, any one could upload/import config file using api /cs/configs?import=true&namespace=,but without auth

Describe what you expected to happen

/cs/configs?import=true&namespace= api should be secured using auth token
@ly641921791
Copy link
Contributor

I think the URL format like http://username:password@serverIp:8848/nacos/v1/xxx should solve the problem. This question is very similar to #1847

@zxcvbnmzsedr
Copy link

you can remove /v1/ns/** from nacos.security.ignore.urls,
https:/alibaba/nacos/blob/develop/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java

@nkorange
Copy link
Collaborator

nkorange commented Dec 6, 2019

Access control will be added in 1.2.0, which is tracked in #1105

@nkorange nkorange closed this as completed Dec 6, 2019
@happystar22
Copy link

Access control will be added in 1.2.0, which is tracked in #1105

什么时候会上 1.2.0 呢?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nkorange @zxcvbnmzsedr @happystar22 @ly641921791