on 04-18-2023 11:49 AM
Hi CAP team,
The feature flag `cds.env.requires.auth.restrict_all_services: false` is broken on the latest release @sap/cds@6.7.1. However, it still worked on 6.1.0.
Related cap documentation: https://cap.cloud.sap/docs/releases/jun22#auth-by-default
See below code that was completely bypassed in latest release:
@sap/cds/libx/_runtime/auth/index.js > line 163
// Security by default: set restrict_all_services if not disabled
// this is done dynamically to also cover custom auth impl
if (process.env.NODE_ENV === 'production' && config.restrict_all_services !== false) {
config.restrict_all_services = true
}
Hi jhodel18,
Thanks, can confirm now. It's caused by serving to graphql. We will look into it asap.
Best,
Sebastian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
73 | |
9 | |
7 | |
7 | |
6 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.