Hi,
Please see the bellow image, I am not sending Authorization header and I still get results in my rest query. even in chrome incognito plain GET request i get results.
What am I missing, how come my rest query is not protected
Thanks
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<queries xmlns="http://schemas.haulmont.com/cuba/rest-queries.xsd">
<query entity="crm$ProductEntity"
name="productEntity-query"
view="productEntity-view">
<jpql>
<![CDATA[select p from crm$ProductEntity p where p.tenantId=:tenantId]]>
</jpql>
<params>
<param name="tenantId" type="java.lang.String" />
</params>
</query>
</queries>
@artamonov sure I have anonimouse ebabled, this is how my site communicates the server to register new user.
The anonimouse user does not have access to the ProductEntity and the permissions.
Thanks
If the anonymous user doesn’t have permissions for reading the “ProductEntity”, then no data should be returned and you should get the 403 error back. Please check permissions for the “anonymous” user once again carefully. If you’re sure that permissions are fine then please create a small demo project where the problem can be reproduced and attach it here.
