systeminfo API may show less info when it's triggered by an anonymous (unauthenticated) user #9149

Closed
@reasonerjt

Description

An example response of GET /api/systeminfo:

{
  "with_notary": false,
  "with_clair": false,
  "with_admiral": false,
  "admiral_endpoint": "",
  "auth_mode": "oidc_auth",
  "registry_url": "jt-dev.local.goharbor.io",
  "external_url": "https://jt-dev.local.goharbor.io",
  "project_creation_restriction": "everyone",
  "self_registration": false,
  "has_ca_root": false,
  "harbor_version": "v1.9.0-6dd2ae90",
  "registry_storage_provider_name": "filesystem",
  "read_only": false,
  "with_chartmuseum": false
}

Some of the data, such as registry_storage_provider_name and project_creation_restriction, does not need to be included when the requester is not authenticated.

So from a security perspective, we may consider returning extra data only when the user is authenticated or has proper permission.
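
One way to express the split proposed above, as an added Go sketch that is not Harbor's code and not part of the original issue. The type names, the `Render` helper and the choice of which sample fields count as public are assumptions; only the two protected fields come from the issue text.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// PublicInfo: fields every caller receives. This grouping is an assumption
// of the sketch and uses only a subset of the sample response.
type PublicInfo struct {
	AuthMode         string `json:"auth_mode"`
	RegistryURL      string `json:"registry_url"`
	ExternalURL      string `json:"external_url"`
	SelfRegistration bool   `json:"self_registration"`
}

// ProtectedInfo: the two fields the issue names as unnecessary for anonymous callers.
type ProtectedInfo struct {
	ProjectCreationRestriction string `json:"project_creation_restriction"`
	StorageProviderName        string `json:"registry_storage_provider_name"`
}

// SystemInfo is the response body. encoding/json skips a nil embedded
// pointer, so the protected keys are absent (not empty) for anonymous callers.
type SystemInfo struct {
	PublicInfo
	*ProtectedInfo
}

// Render (hypothetical helper) returns the JSON body for one request,
// filled with the sample values from the response in the issue.
func Render(authenticated bool) string {
	info := SystemInfo{PublicInfo: PublicInfo{
		AuthMode:    "oidc_auth",
		RegistryURL: "jt-dev.local.goharbor.io",
		ExternalURL: "https://jt-dev.local.goharbor.io",
	}}
	if authenticated {
		// Attached only after the caller's session has been verified.
		info.ProtectedInfo = &ProtectedInfo{"everyone", "filesystem"}
	}
	body, _ := json.Marshal(info)
	return string(body)
}

func main() {
	fmt.Println(Render(false))
	fmt.Println(Render(true))
}
```

Because a field has to be placed in one struct or the other, adding a new setting forces an explicit decision about whether anonymous callers may see it.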
