Some controllers unauthorized

dylan.riden · October 5, 2022, 1:38pm

Hi,

I have been playing around with a test project and noticed that some of the CSV/Excel export controllers do not have authorize tags on them.

Testing this further, I deleted all cookies and did not log in. I was able to call the API directly and actually download.

I am using AzureAd authentication, with a Postgres datasource.

Is there anything I may be missing here

Thanks!

enchev · October 5, 2022, 1:44pm

dylan.riden · October 5, 2022, 1:53pm

Sorry I didn't see this one, is there any plans to make this a default when security is added?

Thanks

enchev · October 5, 2022, 1:57pm

We don't have plans to mark this controller by default with Authorize attribute - it will be serious braking change for all existing applications.