This repository has been archived by the owner on Dec 12, 2021. It is now read-only.
Secret key #4
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The
xapit/reloadcontroller action is public and accessible to everyone. This should be protected and require some kind of authorization so the public users cannot trigger it.This should be possible with a simple key setting. Maybe like this:
If this exists then it is required that this be specified in the URL when triggering xapit controller actions.
The text was updated successfully, but these errors were encountered: